Skip to content

App Secrets

App secrets allow you to configure components with sensitive values and keys. Secrets are managed via the CLI, and can be used to configure components using variables.

Secrets are write only, and can not be directly read using the CLI or API once created.

Managing Secrets

The nuon secrets command namespace offers common operations to manage secrets.

To create a secret named api_token with the value abc:

Terminal window
nuon secrets create --name=api_token --value=abc

Secrets are write-only, and can be replaced by simply running the create command again, with the same value.

To delete an app secret that is no longer being used by any application components:

Terminal window
nuon secrets delete --name=api_token

Viewing Available Secrets

You can view all available secrets via the CLI:

Terminal window
nuon secrets list

Secret values can not be directly read via the CLI.

Configuring Components

You can configure a component using an app secret by using template vars. To reference any secret, use {{.nuon.app.secrets.<secret-name>}}.

For example, if you create a secret named api_token:

Terminal window
nuon secrets create --name=api_token --value=abc

You can then configure any component to use this secret using {{.nuon.app.secrets.api_token}}.

App Secrets vs Install Secrets

App secrets are useful for configuration that needs to be the same across each install of an app.

Install secrets, that are configured per end user can be configured several common ways:

  1. Accepting a sensitive app-input provided by the customer during installation.
  2. Reading a customer provisioned secret, such as from AWS Secrets Manager.
  3. Dynamically generating + managing secrets using a Terraform component.