Secret Management

The purpose of this plugin is to prevent exposing sensitive data at the interface level. A secret contains a :

  • name: the name will be exposed in the interface to refer to the value without exposing it.

  • value: the value that we don’t want to expose in the interface.

  • description: content to identify what contains the secret, it supports Markdown formatting. All these parameters are mandatory, they cannot be empty.

The value will never be displayed once again in the interface after the creation, make sure to provide a precise description of the secret variable to be able to identify it.

The secrets are stored as clear text in the file located at /var/rudder/configuration-repository/secrets/secrets.json on the server. The value is only hidden in the interface.

How to use

  1. Create a secret variable

create secret
secret interface

When a secret is edited, only non-empty fields are modified.

Once a secret created, you will not be able to modify his name from the interface.

edit secret
  1. In a node property use the format ${data.secret[secret_name]} or ${rudder-data.secret[secret_name]} in a JSON

  2. The value will be interpolated by the real value of secret_name create earlier in the plugin interface

← Scale out relay servers User management →