Manage Secrets
You can manage Secrets just as you would any other configuration.
Tip: Codiac has read-only access to your existing Secrets and Secret stores. It cannot create, edit, or remove Secret values or the Secret store itself. See your cloud service provider for instructions on creating and managing Secrets and Secret stores.
Info: Secrets are only stored in your running node, where they are protected with encryption at rest.
Prerequisites
- Basic Codiac Prerequisites
- A Secret Store set up with your cloud service provider and added to your Codiac account.
- A Secret saved in your external Secret Store.
Add
- Use codiac config set with the #REF| syntax to add or edit a Secret:
  codiac config set #REF|PROVIDER_VALUES
- Replace PROVIDER_VALUES with the values required by your cloud service provider:
  - AWS: #REF|awsKeyVault|SECRET_STORE_NAME|aws|AWS_ACCOUNT_ID|REGION|SECRET_NAME
  - Azure: #REF|azKeyVault|SECRET_STORE_NAME|SECRET_NAME
- For example, the command to apply a Secret named locker-combo from an AWS Key Vault named our-dev-secrets in us-west-1 is:
  codiac config set #REF|awsKeyVault|our-dev-secrets|aws|123456789|us-west-1|locker-combo
  The command to apply a Secret named locker-combo from an Azure Key Vault named our-dev-secrets is:
  codiac config set #REF|azKeyVault|our-dev-secrets|locker-combo
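The reference layouts above can be checked before a value is applied, so that a malformed reference, or a literal secret pasted where a reference was intended, is caught early. This is an added example, not Codiac's own code: the function names and the validation rules (non-empty fields, no whitespace, numeric account ID) are assumptions, while the field order comes from the AWS and Azure formats shown above.

```python
# Added example: parse and validate #REF| secret references.
# Field order is taken from the page; the validation rules are assumptions.
from typing import NamedTuple

PREFIX = "#REF"

# Provider keyword -> names of the fields that follow it, in order.
LAYOUTS = {
    "awsKeyVault": ("store", "cloud", "account_id", "region", "secret"),
    "azKeyVault": ("store", "secret"),
}


class SecretRef(NamedTuple):
    provider: str
    fields: dict


def parse_ref(value: str) -> SecretRef:
    """Return the parsed reference, or raise ValueError naming the defect."""
    parts = value.split("|")
    if parts[0] != PREFIX:
        raise ValueError("not a secret reference: missing #REF| prefix")
    if len(parts) < 2 or parts[1] not in LAYOUTS:
        raise ValueError(f"unknown provider: {parts[1:2]}")
    provider, names, values = parts[1], LAYOUTS[parts[1]], parts[2:]
    if len(values) != len(names):
        raise ValueError(f"{provider} needs {len(names)} fields, got {len(values)}")
    fields = dict(zip(names, values))
    for name, v in fields.items():
        # Assumed rule: reject empty fields and whitespace left by copy/paste.
        if not v or any(c.isspace() for c in v):
            raise ValueError(f"field {name!r} is empty or contains whitespace")
    if provider == "awsKeyVault":
        if fields["cloud"] != "aws":
            raise ValueError("fourth field must be the literal 'aws'")
        if not (fields["account_id"].isascii() and fields["account_id"].isdigit()):
            raise ValueError("AWS account ID must be numeric")
    return SecretRef(provider, fields)


def is_reference(value: str) -> bool:
    """True when a config value is a well-formed reference, not a literal."""
    try:
        parse_ref(value)
        return True
    except ValueError:
        return False
```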
Tip: Do you have an existing configuration you want to copy over to a new asset? Use pipes!