
Secrets Store

Secrets Store provides functions that retrieve and manage external secrets inside of Substation.

The Secrets Store is used for:

  • Retrieving secrets from external secrets management systems
  • Managing secrets in memory within Substation
  • Referencing secrets in transform configurations using pattern matching and string interpolation

Secrets are retrieved from external systems using the utility_secret transform. Items in the Secrets Store are interpolated into specific transform configurations using the pattern ${SECRET:ID}, where ID is the name of a secret retrieved from the external system. See the project repository for an example.

aws.secrets_manager

Secrets are retrieved from AWS Secrets Manager.

Settings

| Field | Type | Description | Required |
|---|---|---|---|
| id | string | The internal ID that the secret value is referenced as. | Yes |
| ttl_offset | string | The amount of time that the secret is available for use before it is evicted from the store. Defaults to 15m (15 minutes). | Yes |
| aws.arn | string | AWS resource (Secret) that is accessed. | Yes |
| aws.assume_role_arn | string | AWS role that is used to authenticate. Defaults to an empty string (no role assumption is used). | No |

environment_variable

Secrets are retrieved from an environment variable on the local system.

Settings

| Field | Type | Description | Required |
|---|---|---|---|
| id | string | The internal ID that the secret value is referenced as. | Yes |
| name | string | The name of the environment variable that the secret is retrieved from. | Yes |
| ttl_offset | string | The amount of time that the secret is available for use before it is evicted from the store. Defaults to 15m (15 minutes). | Yes |
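
The ${SECRET:ID} interpolation and ttl_offset eviction described on this page, shown as an added Go example that is not Substation's own code. Store, Put and Interpolate are hypothetical names, and treating a missing or expired ID as an error (rather than passing the placeholder through) is an assumption of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// secretRef matches the ${SECRET:ID} pattern described above.
var secretRef = regexp.MustCompile(`\$\{SECRET:([^}]+)\}`)

type entry struct {
	value   string
	expires time.Time
}

// Store is a hypothetical in-memory store, not Substation's implementation.
type Store map[string]entry

// Put keeps value under id until ttlOffset has elapsed from now.
func (s Store) Put(id, value string, ttlOffset time.Duration, now time.Time) {
	s[id] = entry{value, now.Add(ttlOffset)}
}

// Interpolate resolves every ${SECRET:ID} in cfg. It fails closed: a missing
// or expired ID is an error, so a literal placeholder never reaches a sink.
func (s Store) Interpolate(cfg string, now time.Time) (string, error) {
	var missing []string
	out := secretRef.ReplaceAllStringFunc(cfg, func(m string) string {
		id := secretRef.FindStringSubmatch(m)[1]
		e, ok := s[id]
		if !ok || !now.Before(e.expires) {
			delete(s, id) // evict once the TTL has passed
			missing = append(missing, id)
			return ""
		}
		return e.value
	})
	if len(missing) > 0 {
		return "", fmt.Errorf("secrets not in store: %v", missing)
	}
	return out, nil
}

func main() {
	s, now := Store{}, time.Now()
	s.Put("token", "constructed-value", 15*time.Minute, now) // constructed sample
	fmt.Println(s.Interpolate("Bearer ${SECRET:token}", now))
	fmt.Println(s.Interpolate("Bearer ${SECRET:token}", now.Add(16*time.Minute)))
}
```

The error names only the secret IDs, never their values, so it can be logged without exposing the secret.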