Secrets
Secrets allow you to define secrets for an App, that can be used for configuration
Secrets allow you to configure Components with sensitive values and keys.
Secrets are defined with a secrets.toml
and incorporated in the CloudFormation stack. This allows users to enter values when clicking on the stack link in the Nuon Dashboard, during the initial step of an Install where the Runner is created as a VM. Secrets are then stored in the user’s AWS Secrets Manager.
Because the user creates the CloudFormation stack from that Nuon-generated CloudFormation template using their cloud credentials, the user can enter the secret values at that time. Nuon will never see the secret values, as they are not stored in the Nuon data plane.
Secrets can be used to configure Components and Actions using variables.
How do you configure a Secret?
Within your App Config directory, create a file named secrets.toml
. This file will contain the configuration for your Secrets. Alternatively, you can create a directory named secrets
and place individual Secret files inside it, such as github_app_key.toml
, vendor_license_key
.
Use the key-value pair kubernetes_sync = true
to indicate that the Secret should be synced to Kubernetes as a Secret object. The kubernetes_secret_namespace
and kubernetes_secret_name
fields specify where the Secret will be created in Kubernetes.
The nuon secrets
command is deprecated and will be removed in a future release.
Configuring Components with Secrets
Reference the Secrets from AWS Secrets Manager as outputs from the CloudFormation stack, and then use them in your Component config.
Configuring Actions with Secrets
Reference the Secrets from AWS Secrets Manager as outputs from the CloudFormation stack, and then use them in your Actions config. In this example, the secret is assigned to an Action environment variable and then referenced in a script. Note the script is stored in the src
directory of the App Config.
Changing Secrets Outside of the App Config
If you need to change a Secret value outside of the App Config, e.g., in AWS Secrets Manager and use manual means to apply the Secret to your infrastructure, understand that Nuon will not detect the change. In order for Nuon to be aware of the change, you will have to either reprovision the Install or review the Dependency Graph in the Dashboard and manually reinstall the Components or Actions that depend on the Secret.
If you have a use case for working with secret values not covered here, please let us know