Loading Secrets

Secrets, such as API keys or usernames and passwords, can optionally be loaded into select components using pattern matching and string interpolation. Secrets are kept in memory for up to 15 minutes after retrieval and should never be written directly into configuration files.

Secrets Pattern

Secrets are retrieved and injected into configurations at runtime by matching this pattern: ${SECRETS_[LOCATION]:[NAME]}.

For example, if a secrets-aware configuration contains the string /path/to/${SECRETS_ENV:FOO}, then the pattern is matched and the secret (the value stored in the environment variable FOO) is injected into the configuration at runtime.

Secrets Locations

Secrets can be stored in any of these locations:

  • Environment Variable
    • Location: ENV
    • Name: the name of the environment variable
  • AWS Secrets Manager
    • Location: AWS
    • Name: the name of the secret in Secrets Manager
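
One way to resolve this pattern with the 15-minute in-memory retention described above (an added example, not the project's own code). SecretResolver, SecretError, the characters the regex accepts and the pluggable backends dictionary are assumptions; only the ENV location is implemented here, and an AWS backend would be registered by the caller.

```python
import os
import re
import time

# Matches ${SECRETS_[LOCATION]:[NAME]}; the allowed characters are an assumption.
PATTERN = re.compile(r"\$\{SECRETS_([A-Z]+):([^}]+)\}")
TTL_SECONDS = 15 * 60  # the page's in-memory retention window


class SecretError(Exception):
    """Raised when a referenced secret cannot be resolved."""


def _from_env(name):
    try:
        return os.environ[name]
    except KeyError:
        # Report the name only, never a value.
        raise SecretError(f"environment variable {name} is not set") from None


class SecretResolver:
    def __init__(self, backends=None, ttl=TTL_SECONDS, clock=time.monotonic):
        # Location -> fetch function. An AWS backend (for example one wrapping
        # boto3's get_secret_value) would be registered here by the caller.
        self.backends = {"ENV": _from_env, **(backends or {})}
        self.ttl, self.clock = ttl, clock
        self._cache = {}  # (location, name) -> (value, expiry)

    def get(self, location, name):
        hit = self._cache.get((location, name))
        if hit and hit[1] > self.clock():
            return hit[0]
        self._cache.pop((location, name), None)  # drop the expired value
        if location not in self.backends:
            raise SecretError(f"unknown secrets location {location}")
        value = self.backends[location](name)
        self._cache[(location, name)] = (value, self.clock() + self.ttl)
        return value

    def interpolate(self, text):
        # Fail closed: an unresolved reference raises instead of leaving the
        # literal pattern or an empty string in the configuration.
        return PATTERN.sub(lambda m: self.get(m.group(1), m.group(2)), text)
```

Because resolution fails closed, a typo in a location or a missing variable surfaces as an error at load time rather than as a literal ${SECRETS_...} string reaching a downstream component.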