v0.19.544
Customer Secrets
Customer input secrets can be defined in your secrets.toml config. This allows you to define secrets that need to be added by users when provisioning an install via the CloudFormation stack.
You can define a secret with the following config:
required secrets will cause the CloudFormation Stack to fail, if not added.
Auto Generated Secrets
You can automatically generate a secret value by adding the auto_generate: true field.
For instance, to create a unique value that is configured in your cluster:
Automatic Syncing
You can automatically sync secrets into your sandbox Kubernetes cluster by adding the kubernetes_sync: true value to your config.
Syncing can be disabled via your config, and requires that correct permissions are enabled for the Provision role in your permissions.toml.
Outputs
You can use the outputs of a synced secret using the {{.nuon.secrets}} template. The values
If you do not see your secrets in {{.nuon.secrets}}, it means you do not have syncing on. You can reference the source ARN directly using {{.nuon.install_stack.outputs}}.
If you are having trouble working with your state, we recommend adding it directly to your readme using the following block.
Secret values are not available in your state, and can only be read from your application by using the source
secret (AWS Secrets Manager) or the Kubernetes secret directly.
Life Cycle
Currently secrets are synced on Provision, Reprovision and ReprovisionSandbox workflows.
We currently do not automatically sync secrets. We are considering this for a future release.
Fixes
- Fixed an issue where Terraform state was attempted to be displayed on all component types.
- Fixed a bug with dependency ordering.
- Fixed a bug in Helm value templating.
- Fixed a bug where syncing an app with no installer, components or actions could fail.
- Fixed an issue where secrets would not sync when the Kubernetes name was not valid.