App Secrets
App secrets allow you to configure components with sensitive values and keys. Secrets are managed via the CLI, and can be used to configure components using variables.
Secrets are write only, and can not be directly read using the CLI or API once created.
Managing Secrets
The nuon secrets
command namespace offers common operations to manage secrets.
To create a secret named api_token
with the value abc
:
Secrets are write-only, and can be replaced by simply running the create command again, with the same value.
To delete an app secret that is no longer being used by any application components:
Viewing Available Secrets
You can view all available secrets via the CLI:
Secret values can not be directly read via the CLI.
Configuring Components
You can configure a component using an app secret by using template vars. To reference any secret,
use {{.nuon.app.secrets.<secret-name>}}
.
For example, if you create a secret named api_token
:
You can then configure any component to use this secret using {{.nuon.app.secrets.api_token}}
.
App Secrets vs Install Secrets
App secrets are useful for configuration that needs to be the same across each install of an app.
Install secrets, that are configured per end user can be configured several common ways:
- Accepting a
sensitive
app-input provided by the customer during installation. - Reading a customer provisioned secret, such as from AWS Secrets Manager.
- Dynamically generating + managing secrets using a Terraform component.