Secrets
Introduction
- Secrets allow you to securely store credentials, API Keys and other secrets required by your applications, databases, services, and IT resources.
- Secrets are stored within your AWS account using AWS Secrets Manager.
Managing secrets
- You can store secrets in 2 ways:
- simple strings, e.g.
mypassword
- json objects, such as
{ "username": "my-username", "password": "my-password" }
- simple strings, e.g.
- Secret names must use only Unicode characters and must be 1 - 512 characters long.
- Secret values must be at most 65,536 bytes long.
- Stacktape allows you to manage your secrets using CLI commands:
Creating and updating a secret
- using secret:create command
Copy
stacktape secret:create --region my-region
- You will be prompted to input all the required values.
- Updating the secret can be done using the same command. If the secret with the given name already exists, you will be prompted if you want to update it.
Deleting a secret
- using secret:delete command
Copy
stacktape secret:delete --region my-region
Getting a secret value
- using secret:get command
Copy
stacktape secret:get --region my-region
Referencing secrets
- Secrets can be easily referenced within your configuration using a $Secret() directive.
Copy
resources:myDatabase:type: relational-databaseproperties:engine:type: aurora-postgresql-serverlesscredentials:# using a simple string as a secret value, e.g. "my-password"masterUserName: $Secret('masterUserName')# using an object as a secret value, e.g. "{ password: "my-password" }"masterUserPassword: $Secret('databaseCredentials.password')
After you update a secret, all of the already deployed stacks which are using this secret will keep using the old version. In order for the deployed stack to use the new (updated) version of the secret, you need to redeploy the stack.
Pricing
- You are charged $0.4 / month for every existing secret