Secrets Store
Secrets Store provides functions that retrieve and manage external secrets inside of Substation.
The Secrets Store is used for:
- Retrieving secrets from external secrets management systems
- Managing secrets in memory within Substation
- Referencing secrets in transform configurations using pattern matching and string interpolation
Secrets are retrieved from external systems using the utility_secret transform. Items in the Secrets Store are interpolated into specific transform configurations using the pattern ${SECRET:ID}, where ID is the name of a secret retrieved from the external system. See the project repository for an example.
aws.secrets_manager
Secrets are retrieved from AWS Secrets Manager.
Settings
| Field | Type | Description | Required |
|---|---|---|---|
| id | string | The internal ID that the secret value is referenced as. | Yes |
| ttl_offset | string | The amount of time that the secret is available for use before it is evicted from the store. Defaults to 15m (15 minutes). | Yes |
| aws.arn | string | AWS resource (Secret) that is accessed. | Yes |
| aws.assume_role_arn | string | AWS role that is used to authenticate. Defaults to an empty string (no role assumption is used). | No |
environment_variable
Secrets are retrieved from an environment variable on the local system.
Settings
| Field | Type | Description | Required |
|---|---|---|---|
| id | string | The internal ID that the secret value is referenced as. | Yes |
| name | string | The name of the environment variable that the secret is retrieved from. | Yes |
| ttl_offset | string | The amount of time that the secret is available for use before it is evicted from the store. Defaults to 15m (15 minutes). | Yes |
Updated 3 months ago