What are secrets?

Confidential information such as API keys, secret keys for encryption, and database passwords should not be stored in plain text in application code or in configuration files kept in a version control system.

Instead, use Truefoundry to securely store and control access to them. Truefoundry also helps you seamlessly mount these secrets as environment variables.

How to store secrets in Truefoundry?

To store secrets in Truefoundry, follow the steps below:

  1. Go to the SecretsFoundry dashboard.

  2. Create a new Secret Group and add your Secret to the Secret Group.

    Note: Suppose your backend service needs to load a database password and an API key for an external service. You can create a secret group for that backend service and add the database password and the API key as secrets under that secret group.

  3. Copy the FQN of the Secret you just created. We use the FQN to inject secrets in applications. The Secret FQN will always start with tfy-secret://.

Injecting Secrets as Environment Variables in an application

import logging

from servicefoundry import Build, Service, DockerFileBuild

logging.basicConfig(level=logging.INFO)
service = Service(
    name="my-service",
    image=Build(build_spec=DockerFileBuild()),
    ports=[{"port": 8501}],
    env={
        "NODE_ENV": "prod",
        # The MY_SECRET environment variable will be set to the value of
        # the secret tfy-secret://user:my-secret-group:my-secret.
        "MY_SECRET": "tfy-secret://user:my-secret-group:my-secret",
    },
)
service.deploy(workspace_fqn="YOUR_WORKSPACE_FQN")

# You can inject secrets as environment variables to services by adding them in the `servicefoundry.yaml` file.

name: my-service
components:
  - name: my-service
    type: service
    image:
      type: build
      build_source:
        type: local
      build_spec:
        type: dockerfile
    ports:
      - port: 8501
    env:
      NODE_ENV: prod
      MY_SECRET: tfy-secret://user:my-secret-group:my-secret

After this, you can deploy your application by running servicefoundry deploy. The value of the secret will then be available in your service's environment as the environment variable MY_SECRET.
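A pre-deploy check for the env mapping shown above, added here as an example (it is not Truefoundry's or servicefoundry's own code): it flags entries that still carry a literal credential instead of a tfy-secret:// reference. The function name audit_env, the key-name patterns and the three-part FQN shape (inferred from the page's single example FQN) are assumptions.

```python
import re

SECRET_PREFIX = "tfy-secret://"  # from the page: every Secret FQN starts with this
# Assumption: an FQN body has three non-empty ':'-separated parts, as in the
# page's only example (user:my-secret-group:my-secret).
FQN_BODY = re.compile(r"[^:\s]+:[^:\s]+:[^:\s]+")
# Assumption: env keys with these words in the name carry confidential values.
SENSITIVE_KEY = re.compile(
    r"SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL", re.I
)
# A URL with inline credentials, e.g. scheme://user:password@host/...
URL_WITH_PASSWORD = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)


def audit_env(env):
    """Return (key, problem) findings; secret values are never echoed back."""
    findings = []
    for key, value in env.items():
        value = str(value).strip()
        if value.startswith(SECRET_PREFIX):
            # A reference: only check that it has the expected shape.
            if not FQN_BODY.fullmatch(value[len(SECRET_PREFIX):]):
                findings.append((key, "malformed secret FQN"))
        elif URL_WITH_PASSWORD.match(value):
            findings.append((key, "URL contains an inline password"))
        elif SENSITIVE_KEY.search(key) and value:
            findings.append((key, "sensitive key holds a literal value"))
    return findings


# Constructed sample: the page's env plus deliberately bad entries.
SAMPLE_ENV = {
    "NODE_ENV": "prod",
    "MY_SECRET": "tfy-secret://user:my-secret-group:my-secret",
    "DB_PASSWORD": "example-password",
    "EXTERNAL_API_KEY": "tfy-secret://user:my-secret-group",
    "DATABASE_URL": "postgres://app:example-password@db:5432/app",
}

if __name__ == "__main__":
    for key, problem in audit_env(SAMPLE_ENV):
        print(f"{key}: {problem}")
```

Run it in CI against the env dict or the parsed env section of servicefoundry.yaml and fail the build when the returned list is non-empty.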