User Guide: Working with Secrets - EyevinnOSC/community GitHub Wiki
Working with Secrets
When creating an instance of a service in Open Source Cloud you can provide the instance with parameters. What type of parameters you provide is specific to the service. If a parameter contains sensitive information, such as access keys or passwords, you don't want to enter it in clear text. To avoid this, you can enter a reference to a Service Secret instead.
What is a Service Secret?
A Service Secret is specific to each service and cannot be shared among services. You can create and update a secret, but once created there is no way to see what the secret contains. To provide the contents of a secret to an instance parameter, you refer to it using double curly brackets. For example, a secret named mysecret is referenced as {{secrets.mysecret}}.
Creating a secret
A user with the tenant administration role can create and modify secrets. For this user there is a tab called "Service Secret" on the service page.
To create a new secret click on the button "New Secret".
Enter a name for the secret, for example mysecret, and enter the secret value. Click on the eye icon to display what you have entered. Once saved, the value will not be visible anymore.
Now press the button "Create Secret" to close the modal and save the secret.
The secret you created is now available in the list of secrets for this service.
Modify a secret
There is no way to actually see the secret, but you can modify and change it. Click on the button Edit in the secrets table.
The same dialog is opened, with the difference that you cannot change the name of the secret. Enter the new value and click on Update Secret to save.
Refer to a secret
When you provide the instance parameters, you can now refer to the secrets you created, either manually by entering the reference in curly brackets or by pressing the key button and choosing from a list of secrets.
Providing instance parameters as secrets may now look like this.
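
A pre-flight check for the reference syntax described above, added here as an example and not taken from this guide or from Open Source Cloud's own code. It flags sensitive-looking parameters left in clear text, references that do not match the {{secrets.name}} form, and references to names missing from the service's secret list. The parameter names, the allowed characters in a secret name and the "sensitive" keyword list are assumptions.

```python
import re

# Reference form shown in the guide: {{secrets.mysecret}}
# Assumption: secret names consist of letters, digits, '_' and '-'.
SECRET_REF = re.compile(r"\{\{secrets\.([A-Za-z0-9_-]+)\}\}")
# Brace-wrapped text mentioning "secret(s)." that is not a well-formed reference.
ATTEMPT = re.compile(r"\{+\s*secrets?\.[^{}]*\}+", re.IGNORECASE)
# Assumption: parameter names containing these words carry sensitive values.
SENSITIVE = re.compile(r"key|secret|password|token", re.IGNORECASE)


def check_params(params, known_secrets):
    """Return sorted (parameter, issue) pairs for values that need attention.

    known_secrets holds the names listed on this service's "Service Secret"
    tab; secrets are per service, so pass the list for the right service.
    """
    findings = []
    for name, value in params.items():
        refs = SECRET_REF.findall(value)
        # Strip well-formed references, then look for leftover near-misses.
        malformed = bool(ATTEMPT.search(SECRET_REF.sub("", value)))
        if malformed:
            findings.append((name, "malformed-reference"))
        elif SENSITIVE.search(name) and not refs:
            findings.append((name, "cleartext-value"))
        for ref in refs:
            if ref not in known_secrets:
                findings.append((name, "unknown-secret:" + ref))
    return sorted(findings)


# Constructed sample input: hypothetical parameter names and values.
SAMPLE_PARAMS = {
    "name": "demo",
    "AccessKeyId": "{{secrets.accesskey}}",
    "SecretAccessKey": "example-cleartext-value",
    "DbPassword": "{{ secrets.dbpass }}",
    "ApiToken": "{{secrets.apitokn}}",
}
SAMPLE_SECRETS = {"accesskey", "dbpass", "apitoken"}

if __name__ == "__main__":
    for param, issue in check_params(SAMPLE_PARAMS, SAMPLE_SECRETS):
        print(f"{param}: {issue}")
```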