logoStacktape docs


SecretsWork in progress
Work in progress

Introduction

  • Secrets allow you to securely store credentials, API Keys and other secrets required by your applications, databases, services, and IT resources.
  • Secrets are stored within your AWS account using AWS secrets manager.

Managing secrets

  • You can store secrets in 2 ways:
    • simple strings, e.g. mypassword
    • objects, such as { username: "my-username", password: "my-password" }
  • Secret names must use only Unicode characters and must be 1 - 512 characters long.
  • Secret values must be at most 65,536 bytes long.
  • Stacktape allows you to manage your secrets using CLI commands:

Creating and updating a secret

  • using secret-create command

Copy

stacktape secret-create --region my-region
  • You will be prompted to input all the required values.
  • Updating the secret can be done using the same command. If the secret with the given name already exists, you will be prompted if you want to update it.

Deleting a secret

Copy

stacktape secret-delete --region my-region

Getting a secret value

Copy

stacktape secret-get --region my-region

Referencing secrets

Copy

resources:
myDatabase:
type: relational-database
properties:
engine:
type: aurora-postgresql-serverless
credentials:
# using a simple string as a secret value, e.g. "my-password"
masterUserName: $Secret('masterUserName')
# using an object as a secret value, e.g. "{ password: "my-password" }"
masterUserPassword: $Secret('databaseCredentials.password')

After you update a secret, all of the already deployed stacks which are using this secret will keep using the old version. In order for the deployed stack to use the new (updated) version of the secret, you need to redeploy the stack.

Pricing

  • Work in progress
Need help? Join our Slack community.For bug reports and feature requests create a Github issue.