Secrets

Omnistrate allows you to include sensitive information in your deployment specifications through the use of secrets. A secret is defined as a name-value pair. Secret names can be used as placeholders in service definitions that are replaced with their respective values during a deployment. You can use secrets in various places in your Helm Charts, Kubernetes Operators, Kustomize templates, Terraform templates, and Docker Compose configurations.

Secrets are defined at the service environment type level (Dev, Stage, Prod, etc.). Therefore, you can use different values for the same secret depending on the type of environment the deployment is launched in. For example, you could define a dbPassword secret that has the value of your development database password in your Dev environments and the value of your production database password in Prod environments.

Creating Secrets

Secrets can be created using the Omnistrate API, the CTL, or the UI.

Secrets UI

Usage

Secrets are used in the following format: $secret.<secret-name>. For example, $secret.dbPassword.

Secrets can be used when defining a service with Docker Compose, Helm Charts (as part of the Helm Chart values), Operators (as part of the required Helm Chart values or the operator configuration), or as part of Kustomize or Terraform templates.

environment:
  - POSTGRESQL_DATABASE=$var.dbDatabase
  - POSTGRESQL_USERNAME=$var.dbUsername
  - POSTGRESQL_PASSWORD=$secret.dbPassword

Info

All secret values are string type.

Example secrets usage in Helm Chart configuration:

services:
  - name: Example Service
    helmChartConfiguration:
      chartName: example-chart
      chartVersion: 0.1.1
      chartRepoName: example-chart-repo
      chartRepoURL: https://raw.githubusercontent.com/omnistrate-community/example-chart-repo/main
      chartValues:
        auth:
          database: $var.dbDatabase
          username: $var.dbUsername
          password: $secret.dbPassword
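
One way to check a spec before deployment, as an added example (not Omnistrate's own code or tooling): a Python lint that finds every $secret.<secret-name> placeholder, reports names that are missing from any environment type, and flags credential-like keys whose value is not a secret placeholder. The secret-name character set, the key-name heuristic, the function name audit_spec, and the sample spec and per-environment name sets are assumptions constructed for illustration.

```python
import re

# Assumption: secret names use letters, digits, "_" and "-"
# (the page does not state the allowed character set).
SECRET_REF = re.compile(r"\$secret\.([A-Za-z0-9_-]+)")
# Heuristic (assumption): keys with these words should be fed from a secret.
SENSITIVE_KEY = re.compile(r"(?i)(password|passwd|token|secret|api[_-]?key)")
# Matches "KEY=value" (Compose environment entries) and "key: value" (chartValues).
ASSIGNMENT = re.compile(r"^\s*(?:-\s*)?([A-Za-z0-9_.-]+)\s*[=:]\s*(\S.*)$")


def audit_spec(spec_text, defined_secrets):
    """Return (line number, message) findings for a service spec.

    defined_secrets maps an environment type (Dev, Prod, ...) to the set of
    secret names defined for it; the caller supplies it, this code does not
    query Omnistrate.
    """
    findings = []
    for lineno, line in enumerate(spec_text.splitlines(), 1):
        # 1. Every referenced secret must exist in every environment type,
        #    because secrets are defined per environment type.
        for name in SECRET_REF.findall(line):
            for env, names in defined_secrets.items():
                if name not in names:
                    findings.append(
                        (lineno, f"$secret.{name} is not defined for {env}"))
        # 2. A credential-like key with a literal or $var value is a likely leak.
        m = ASSIGNMENT.match(line)
        if m and SENSITIVE_KEY.search(m.group(1)) and not SECRET_REF.search(m.group(2)):
            findings.append(
                (lineno, f"{m.group(1)} is not sourced from a $secret placeholder"))
    return findings


# Constructed sample input, modelled on the Docker Compose snippet above.
SAMPLE_SPEC = """\
environment:
  - POSTGRESQL_USERNAME=$var.dbUsername
  - POSTGRESQL_PASSWORD=$secret.dbPassword
  - REPLICATION_PASSWORD=changeme
  - API_TOKEN=$secret.apiToken
"""
# Constructed secret names per environment type.
SAMPLE_DEFINED = {"Dev": {"dbPassword", "apiToken"}, "Prod": {"dbPassword"}}

if __name__ == "__main__":
    for lineno, message in audit_spec(SAMPLE_SPEC, SAMPLE_DEFINED):
        print(f"line {lineno}: {message}")
```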