Secret Value

About

Secrets are a piece of information that you don't want to be visible in clear in your code or to leak in any way (log, console, …)

The most known secret are tokens that represents a credential in order to log in to a system:

• password
• passphrase
• api key
• …

To enhance secrecy you may also want to cache other information such as the location of you system (host, port,…)

Ciphered Secret Format

We support the following ciphered secret values:

• Os env variable: in the conf file. ie
  • ${MY_SECRET} or $SECRET
  • or a template string foo${MY_SECRET}bar
• Tabul Vault: Tabul encrypted value
• HashiCorp Vault: vault:/path/to/secret/fieldName (Enterprise Edition)
• For any other external vault, contact us

FAQ

Are Environment variables considered secret ?

Environment variables are not considered secret by default unless:

• they have a encrypted value
• they have in their name secret, key, password, pwd or passphrase

attribute: ${MY_SECRET}

Are Conf Vault attributes considered secret ?

Conf Vault value are not considered secret by default unless:

• the attribute name contains password or passphrase
• their value is:
  • an Os env variable ie ${MY_SECRET} or $SECRET, foo${MY_SECRET}bar
  • or a Tabul vault encrypted value