Secrets
Omnistrate allows you to include sensitive information in your deployment specifications through the use of secrets. A secret is defined as a name-value pair. Secret names can be used as placeholders in service definitions that are replaced with their respective values during a deployment. You can use secrets in various places in your Helm Charts, Kubernetes Operators, Kustomize templates, Terraform templates, and Docker Compose configurations.
Secrets are defined at the service environment type level (Dev, Stage, Prod, etc.). Therefore, you can use different values for the same secret depending on the type of environment the deployment is launched in. For example, you could define a dbPassword secret that has the value of your development database password in your Dev environments and the value of your production database password in Prod environments.
Creating Secrets
Secrets can be created using the Omnistrate API, the CTL, or the UI.
Usage
Secrets are used in the following format: $secret.<secret-name>. For example, $secret.dbPassword.
Secrets can be used when defining a service with Docker Compose, Helm Charts (as part of the Helm Chart values), Operators (as part of the required Helm Chart values or the operator configuration), or Kustomize or Terraform templates.
Example secrets usage in a Docker Compose environment section:
environment:
  - POSTGRESQL_DATABASE=$var.dbDatabase
  - POSTGRESQL_USERNAME=$var.dbUsername
  - POSTGRESQL_PASSWORD=$secret.dbPassword
Info
All secret values are of string type.
Example secrets usage in Helm Chart configuration:
services:
  - name: Example Service
    helmChartConfiguration:
      chartName: example-chart
      chartVersion: 0.1.1
      chartRepoName: example-chart-repo
      chartRepoURL: https://raw.githubusercontent.com/omnistrate-community/example-chart-repo/main
      chartValues:
        auth:
          database: $var.dbDatabase
          username: $var.dbUsername
          password: $secret.dbPassword
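
A pre-deployment check for the placeholder format above, as an added example (not Omnistrate's code): it lists every $secret.<secret-name> reference in a spec, reports the ones not defined for an environment type, and flags credential-looking keys that are set to a literal instead of a secret. The secret-name character set, the key-name heuristic, the SPEC sample and the DEFINED inventory are assumptions constructed for illustration.

```python
import re

# Assumption: secret names use letters, digits, "_" and "-"; the page only
# shows the placeholder form $secret.<secret-name>.
SECRET_REF = re.compile(r"\$secret\.([A-Za-z0-9_-]+)")
# Heuristic (assumption): key names that usually carry credentials.
SENSITIVE_KEY = re.compile(
    r"\b([\w.-]*(?:password|passwd|token|api_?key)[\w.-]*)\s*[:=]\s*(\S+)",
    re.IGNORECASE,
)

def secret_refs(spec_text):
    """Names of all $secret.<name> placeholders referenced in a spec."""
    return set(SECRET_REF.findall(spec_text))

def missing_by_env(spec_text, defined):
    """Map environment type -> referenced secrets that are not defined there."""
    refs = secret_refs(spec_text)
    gaps = {env: sorted(refs - set(names)) for env, names in defined.items()}
    return {env: names for env, names in gaps.items() if names}

def literal_credentials(spec_text):
    """(line number, key) pairs where a credential-like key is not a $secret."""
    findings = []
    for lineno, line in enumerate(spec_text.splitlines(), 1):
        match = SENSITIVE_KEY.search(line)
        if match and not match.group(2).startswith("$secret."):
            findings.append((lineno, match.group(1)))
    return findings

# Constructed sample: the page's compose fragment plus two constructed lines.
SPEC = """\
environment:
  - POSTGRESQL_DATABASE=$var.dbDatabase
  - POSTGRESQL_USERNAME=$var.dbUsername
  - POSTGRESQL_PASSWORD=$secret.dbPassword
  - SMTP_PASSWORD=$secret.smtpPassword
  - API_TOKEN=changeme
"""
# Constructed inventory of secret names per environment type.
DEFINED = {"Dev": {"dbPassword", "smtpPassword"}, "Prod": {"dbPassword"}}

if __name__ == "__main__":
    print("undefined secrets:", missing_by_env(SPEC, DEFINED))
    print("literal credentials:", literal_credentials(SPEC))
```

Run it against the spec file before each release and fail the pipeline when either result is non-empty.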