App secrets allow you to configure components with sensitive values and keys. Secrets are managed via the CLI, and can be used to configure components using variables.

Secrets are write only, and can not be directly read using the CLI or API once created.

Managing Secrets

The nuon secrets command namespace offers common operations to manage secrets.

To create a secret named api_token with the value abc:

nuon
nuon secrets create --name=api_token --value=abc

Secrets are write-only, and can be replaced by simply running the create command again, with the same value.

To delete an app secret that is no longer being used by any application components:

nuon
nuon secrets delete --name=api_token

Secrets belong to an app. Please make sure to have an app selected in your context using nuon apps select or pass the -a flag to specify an app.

Viewing Available Secrets

You can view all available secrets via the CLI:

nuon
nuon secrets list

Secret values can not be directly read via the CLI.

Configuring Components

You can configure a component using an app secret by using template vars. To reference any secret, use {{.nuon.app.secrets.<secret-name>}}.

For example, if you create a secret named api_token:

nuon
nuon secrets create --name=api_token --value=abc

You can then configure any component to use this secret using {{.nuon.app.secrets.api_token}}.

App Secrets vs Install Secrets

App secrets are useful for configuration that needs to be the same across each install of an app.

Install secrets, that are configured per end user can be configured several common ways:

  1. Accepting a sensitive app-input provided by the customer during installation.
  2. Reading a customer provisioned secret, such as from AWS Secrets Manager.
  3. Dynamically generating + managing secrets using a Terraform component.

If you have a use case for working with secret values not covered here, please let us know