Add secrets and configuration values to your apps.
Secrets are used to pass encrypted values to services at run time. Secrets are declarative, and are versioned per commit.
When you add a new secret using
pt secrets edit, your secrets are encrypted and pushed to your
cloud account. A
secrets.yml manifest file is committed in your local directory.
Secrets are declarative and versioned with your code. To rollback secrets, simple roll your service back to a specific
git commit using
Secrets are added interactively using
pt secrets edit. This command will lookup the secrets for
a service, decrypt them and open a text file with plain yaml to edit:
api_key: secret-key stage: api_key: stage-api-key
When you close this file, each secret will be encrypted, stored and your manifest updated.
While secrets are stored in your cloud account as blobs, configs live locally in your code. To add a configuration value
for your service, simply add a
configs.yml file in your service directory.
db_connections: 10 stage: db_connections: 1
If both a config and secret exist for the same key, the secret value will take precedence
When adding a secret or config, add an environment namespace to apply them to a specific environment:
test: key: value
Top level values are considered defaults and applied in all environments.
Secrets and configs are exposed to your serverless and container components as both a file and environment variables.
Secrets and configs are written in
json format to
Secrets and configs are written as environment variables such as
To add complex type configs or secrets, we recommend accessing them using the
json file format
The following built in configs are added by PowerTools:
You can access config or secret values in your builds, using build hooks. Simply add a secret or config using the
build namespace, and it will be added as an environment variable to any build hook declared for your service.
Occasionally, you may want to decrypt and resolve settings for a service in a particular environment.
To decrypt secrets:
pt secrets decrypt.
To resolve settings
pt settings resolve.