
Manage Secrets

Overview

StackSpot manages and stores external credentials, which are credentials created in other tools. These credentials are integrated into the Platform for secure and efficient use in various contents and processes within StackSpot. Secrets are sensitive credentials that facilitate secure communication between systems and services. For example:

  • An application can use a private API key to connect to a payment system.

  • A database requires a username and password to access stored information.

Everyday examples of Secrets

  • Wi-Fi password: A Secret you do not want to share with anyone.

  • Credit card PIN: Protects access to your money.

  • Email password: Ensures the privacy of your messages and protects your account from breaches.

Within StackSpot EDP, you can register the following types of Secrets:

  • API Keys

  • Bearer Tokens

  • Client Credentials (OAuth)

  • Certificates

  • Key-value pairs (more flexible input)

Why is protecting Secrets necessary?

Exposing a Secret can severely compromise the security of systems, leading to unauthorized access, data leaks, and other significant consequences. Storing Secrets in secure locations, such as Secret Managers, is crucial to mitigate these risks. These managers serve as digital vaults specifically designed to protect sensitive information.

Manage Secrets on StackSpot

The StackSpot EDP Secrets Manager helps you secure sensitive information, such as passwords, access keys, authentication tokens, and external database credentials. These pieces of data, referred to as "Secrets," are essential for establishing secure connections between systems and services. This functionality allows you to centralize, protect, and efficiently manage this sensitive data within the Platform, ensuring the security and integrity of your systems at three levels:

  1. Organization
  2. Workspace
  3. Personal

Register external Secrets at your Organization's level

By registering secrets at your organization level, you ensure they are protected against leaks and misuse by individuals or software outside your organization.

Follow the steps below to register secrets, ensuring they are used securely by all users in your organization:

Prerequisites

  • You must have permission from the Account Holder or Account Manager.

Access the Permissions page for more information.

Steps to register a Secret

Step 1: Access the StackSpot Portal. You have two options to access the portal:

  1. Go directly to the Account Portal.
  2. After logging into the StackSpot EDP Portal, click on your profile avatar.

Step 2: Click the 'Organization' option, then click on 'Identity and Security';

Step 3: Click on the 'Secrets Manager' section;

Step 4: Click the 'Register secret' button to start the registration process;

Step 5: In the 'Availability' field, select one of the following options:

  • Entire organization
  • Spot (StackSpot AI)

Each option in the Availability field will generate a different type of field, as described below:

The Entire organization option requires you to select the Credential Type:

  1. API Key: Used to authenticate client application requests to APIs. Fill out the fields:

    • Secret Name
    • Header Name
    • Value
    • Expiration Date (Optional)
  2. Bearer Tokens (OAuth): Tokens issued as part of the OAuth2 authorization framework allow clients to access protected resources. Fill out the fields:

    • Secret Name
    • Header Name
    • Header Value
    • Expiration Date (Optional)
  3. Client Credentials: Commonly used for server-to-server communication; a client application must authenticate using client credentials. Fill out the fields:

    • Secret Name
    • Client ID
    • URL
    • Client Secret
  4. Certificate: Client certificates are used for mutual TLS authentication, ensuring identity validation and encrypted communication. Fill out the fields:

    • Secret Name
    • Certificate: Drag and drop the files.
    • Private Key (Optional): You can drag and drop the files. Only .key files are supported.
    • Expiration Date: Automatically filled when adding the certificate.
  5. Key/Value. Fill out the fields:

    • Secret Name
    • Registration Method: Choose between adding a file or entering the key and value manually.
    • Expiration Date (Optional)

The option Spot requires you to select the Spot:

  • CodeCrafters
  • Bytebards
  • GlitchGuardians
  • QuantumQuorums
  • NeuralNinjas
  • EchoEngineers

Step 6: Click the 'Register Secret' button.

Step 7: Check your secret on the listing screen after registration. You will be able to view information such as:

  • Secret name
  • Credential Type
  • Availability
  • Creation Date
  • Expiration Date
  • Secret Status

How to edit a Secret

warning

Make sure to copy and save the secret information when registering it, as some data may not be displayed again. Use the edit functionality to verify where the Secret is applied before making any changes or deletions.

You can edit a registered Secret by following these steps:

Step 1: In the StackSpot Portal, go to the 'Secrets' section;

Step 2: Click the 'More Options' button next to the secret you want to edit;

Step 3: Click the 'Edit' button to edit the Secret. Fill in the required fields:

  • New header name
  • New header value
  • Expiration Date (Optional)

To confirm, click the 'Save changes' button.


How to delete a Secret

If a Secret has not been used for 30 days, it will automatically be marked as Inactive.

The StackSpot Portal notifies you of the deletion when there are 15, 10, and 1 day left before a Secret is deleted. From the moment the Secret becomes Inactive and you are notified, you have the following options:

  • Use the Secret again so that it is automatically reactivated and its status changes from Scheduled for Deletion to Active. You can reactivate it within the 30-day period.

  • Choose to delete the Secret now.

  • Schedule the deletion for 30 days.

See below the steps for the last two options: Delete a Secret now and Schedule Secret deletion.

Delete a Secret now

You can immediately delete a Secret if it has one of the following statuses:

  • Active
  • Inactive
  • Scheduled for Deletion

danger

Deleting a Secret is an irreversible process.

Step 1. In the 'Secrets' section, click the 'More Options' button;

Step 2. Click the 'Delete Secret' button;

Step 3. Then, select the Delete Now option;

Before deleting, you can view and search where the Secret is being used.

Step 4. To finish, type the word DELETE. Then, click the 'Delete secret' button.

Done, you have finished deleting a Secret.

Schedule Secret deletion

Step 1. In the 'Secrets' section, click the 'More Options' button;

Step 2. Click the 'Delete Secret' button;

Step 3. Then, select the Schedule deletion option;

Step 4. To finish, type the word DELETE. Then, click the 'Delete secret' button.

Done, you have finished scheduling the deletion of a Secret.

tip

If you change your mind, you can cancel the scheduled deletion of a Secret. To do this, follow the steps below:

Step 1. Click the 'More Options' button on the Secret with scheduled deletion. Then, click the 'Cancel deletion' button;

Step 2. To confirm, click the 'Cancel deletion' button.

Done, you have canceled the scheduled deletion of a Secret.
