Manage Secrets
Secrets can be stored in personal profiles, allowing sensitive information such as access keys, tokens, and credentials to be securely utilized in specific contexts.
Here’s an example:
If you need StackSpot to access a private repository on GitHub for tasks like deployments or cloning code, you can register a Personal Access Token (PAT) as a Secret in your personal profile. This token will enable StackSpot to authenticate your access to the repository.
To register a Secret, follow these steps:
Prerequisites
- You must have permission from the Account Holder or Account Manager.
Access the Permissions page for more information.
Steps to register a Secret
Step 1: Access the StackSpot Portal. You have two options to access the portal:
- Go directly to the Account Portal.
- After logging into the StackSpot EDP Portal, click on your profile avatar.
Step 2: Select the 'Organization' option, then click on 'Identity and Security';
Step 3: Click on the 'Secrets Management' section;
Step 4: Click the 'Register Secret' button to start the registration process;
Step 5: Select the type of Secret you want to register and fill in the specific information according to the chosen type. See the details below:
Types of Secrets and required fields
- API Key: Used to authenticate client application requests to APIs. Fill out the fields:
- Secret Name
- Header Name
- Value
- Expiration Date (Optional)
- Bearer Tokens (OAuth): Tokens issued as part of the OAuth2 authorization framework allow clients to access protected resources. Fill out the fields:
- Secret Name
- Header Name
- Header Value
- Expiration Date (Optional)
- Client Credentials: Commonly used for server-to-server communication; a client application must authenticate using client credentials. Fill out the fields:
- Secret Name
- Client ID
- Client Secret
- Scopes (Optional): Add multiple scopes, such as
profile,edit,email,iam.role, etc. - Expiration Date (Optional)
- Certificate: Client certificates are used for mutual TLS authentication, ensuring identity validation and encrypted communication. Fill out the fields:
- Secret Name
- Certificate: Drag and drop the files.
Private Key (Optional): You can drag and drop the files. Only
.keyfiles are supported. - Expiration Date: Automatically filled when adding the certificate.
- Key/Value (Key/Value). Fill out the fields:
- Secret Name
- Registration Method: Choose between adding a file or entering the key and value manually.
- Expiration Date (Optional)
Step 6: Click the 'Register Secret' button.
Step 7: Check your Secret on the listing screen after registration. You will be able to view information such as:
- Credential Type
- Creation Date
- Expiration Date
- Secret Status
How to edit a Secret
- Make sure to copy and save the secret information when registering it, as some data may not be displayed again.
- Utilize the edit functionality to verify where the Secret is applied before making any changes or deletions.
You can edit a registered Secret by following these steps:
Step 1: In the StackSpot Portal, go to the 'Secrets' section; Step 2: Click the 'More Options' button next to the Secret you want to edit;
Step 3: Click the 'Edit' button to edit the Secret. Fill in the required fields:
- New Header Name
- New Value
- Expiration Date (Optional)
How to deactivate or delete a Secret
Deactivate a Secret
When a Secret is deactivated at the organization level, it becomes unavailable. If a user attempts to use applications or resources that depend on this Secret, an error message will be displayed.
To deactivate a Secret, follow these instructions:
- In the 'Secrets' section, click the 'More Options' button;
- Click the 'Deactivate' button.
You can reactivate the Secret if necessary.
Delete a Secret
Deleting a Secret is an irreversible process.
- In the 'Secrets' section, click the 'More Options' button.
- Click the 'Delete Secret' button.
The Secret will be permanently removed from the listed locations within 30 days.
