Skip to main content

Manage Secrets

Overview

StackSpot manages and stores external credentials—credentials created in other tools—that are integrated into the Platform for secure and efficient use across different features and processes. Secrets are sensitive credentials that enable secure communication between systems and services. For example:

  • An application uses a private API key to connect to a payment system.
  • A database requires a username and password to access stored information.

Examples of Secrets in daily life

  • Wi-Fi password: A Secret you don’t want to share with everyone.
  • Credit card PIN: Protects access to your money.
  • Email password: Ensures the privacy of your messages and protects your account from unauthorized access.

In StackSpot EDP, you can register the following types of Secrets:

  • API Keys
  • Bearer Tokens
  • Client Credentials (OAuth)
  • Certificates
  • Key-value pairs (for flexible input)

Why is it necessary to protect Secrets?

Exposing a Secret can seriously compromise system security, leading to unauthorized access, data leaks, and other serious consequences. Storing Secrets in secure locations, such as Secret Managers, is crucial to reduce these risks. Secret Managers act as digital vaults designed specifically to protect sensitive information.

Manage Secrets on StackSpot

The StackSpot EDP Secrets Manager helps you securely store sensitive information, such as passwords, access keys, authentication tokens, and external database credentials. These data, called "Secrets," are essential for secure connections between systems and services.

This feature lets you centralize, protect, and efficiently manage sensitive data within the Platform, ensuring the security and integrity of your systems at three levels:

  1. Organization
  2. Workspace
  3. Personal

Register external Secrets at the Organization level

By registering Secrets at the organization level, you protect them against leaks and misuse by people or software outside your organization.

Follow the steps below to register Secrets and ensure secure usage across your organization:

Prerequisites

  • You must have Account Holder or Account Manager permission.

See the Permissions page for more information.

Steps to register a Secret

Step 1: Access the StackSpot Portal. You have two options to access the portal:

  1. Go to the Account Portal.
  2. After logging into the StackSpot EDP Portal, click on your profile avatar.

Step 2: Click the 'Organization' option, then click on 'Identity and Security';

Step 3: Click on the 'Secrets Manager' section;

Step 4: Click the 'Register secret' button to start the registration process;

Step 5: In the 'Availability' field, select one of the following options:

  • Entire organization
  • Spot (StackSpot AI)

Each option in the Availability field will generate a different type of field, as described below:

The Entire organization option requires you to select the Credential Type:

  1. API Key: Used to authenticate client application requests to APIs. Fill out the fields:
  • Secret Name
  • Header Name
  • Value
  • Expiration Date (Optional)
  1. Bearer Tokens (OAuth): Tokens issued as part of the OAuth2 authorization framework allow clients to access protected resources. Fill out the fields:
  • Secret Name
  • Header Name
  • Header Value
  • Expiration Date (Optional)

  1. Client Credentials: Commonly used for server-to-server communication; a client application must authenticate using client credentials. Fill out the fields:

    • Secret Name
    • Client ID
    • URL
    • Client Secret

  2. Certificate: Client certificates are used for mutual TLS authentication, ensuring identity validation and encrypted communication. Fill out the fields:

  • Secret Name
  • Certificate: Drag and drop the files. Private Key (Optional): You can drag and drop the files. Only .key files are supported.
  • Expiration Date: Automatically filled when adding the certificate.
  1. Key/Value (Key/Value). Fill out the fields:
  • Secret Name
  • Registration Method: Choose between adding a file or entering the key and value manually.
  • Expiration Date (Optional)

The option Spot requires you to select the Spot:

  • CodeCrafters
  • Bytebards
  • GlitchGuardians
  • QuantumQuorums
  • NeuralNinjas
  • EchoEngineers

Step 6: Click the 'Register Secret' button;

Step 7: Check your secret on the listing screen after registration. You will be able to view information such as:

  • Secret name
  • Credential Type
  • Availability
  • Creation Date
  • Expiration Date
  • Secret Status

How to edit a Secret

danger
  • Make sure to copy and save Secret information when registering it, as some data may not be displayed again.
  • Use the edit feature to check where the Secret is used before making any changes or deletions.

To edit a registered Secret, follow the steps below:

Step 1: In the StackSpot Portal, go to the Secrets section;

Step 2: Click the More Options button next to the Secret you want to edit;

Step 3: Click the Edit button. Fill in the required fields:

  • New header name
  • New header value
  • Expiration date (optional)

To confirm, click Save changes.

How to delete a Secret

If a Secret is not used for 30 days, it will automatically become Inactive.

The StackSpot Portal notifies you 15, 10, and 1 day before a Secret is deleted. When a Secret becomes Inactive and you are notified, you have these options:

  • Use the Secret again within the 30-day period to automatically reactivate it, changing its status from Scheduled for deletion to Active.
  • Delete the Secret immediately.
  • Schedule the Secret for deletion in 30 days.

See below for steps to delete a Secret now or schedule Secret deletion.

Delete a Secret now

You can immediately delete a Secret if it is in any of these statuses:

  • Active
  • Inactive
  • Scheduled for Deletion
danger

Deleting a Secret is an irreversible process.

Step 1: In the Secrets section, click the More Options button;

Step 2: Click Delete Secret;

Step 3: Select the Delete now option;

Before deleting, you can view and search all the places where the Secret is used.

Step 4: To confirm, type DELETE and click Delete Secret;

The Secret will be deleted within 30 days.

Schedule Secret deletion

Step 1: In the Secrets section, click the More Options button;

Step 2: Click Delete Secret;

Step 3: Select the Schedule deletion option;

Step 4: To confirm, type DELETE and click Delete Secret;

The Secret is now scheduled for deletion.

tip

If needed, you can cancel the scheduled deletion of a Secret. To do this:

Step 1: Click the More Options button next to the Secret scheduled for deletion, then click Cancel Deletion;

Step 2: To confirm, click Cancel Deletion again.

The scheduled deletion has been canceled.

Learn More