Introduction to Secrets

When building applications, you often need sensitive information such as API keys and database passwords in your code. Storing these values in the code itself is a security risk, so they are instead injected as environment variables. However, the values of these environment variables should not be exposed to every developer. For example, not everyone should know the password of the production database. These values are therefore stored in a secret manager such as AWS SSM, GCP Secret Manager or Azure Vault, and injected into the code as environment variables.

Truefoundry makes it easy to store the actual values in the secret manager you already use and then inject them into your code without exposing the values to developers. To do this, integrate your preferred secret manager with Truefoundry and then store the secret using Truefoundry's UI. Whenever you save a secret through the UI, the actual value is stored in your secret manager; Truefoundry never stores the secret itself. You then get an FQN (fully qualified name) for the secret, which you can reference in your deployments.

Secret groups

A project typically has a set of secrets associated with it, and managing access to each individual secret can become cumbersome. Hence, Truefoundry provides the concept of secret groups, which let you organize and manage the related secrets for a specific project together.

Within a Secret Group, you can easily add, remove, and update secrets. You can configure access control on each secret group and grant users/teams read, write or admin access.