What are secrets?

Confidential information such as API keys, encryption keys, and database passwords should never be stored in plain text in application code or in configuration files committed to a version control system.

Instead, use Truefoundry to securely store and control access to them. Truefoundry also helps you seamlessly mount these secrets as environment variables.

How to store secrets in Truefoundry?

To store secrets in Truefoundry, follow the steps below:

  1. Go to the SecretsFoundry dashboard.

  2. Create a new Secret Group and add your Secret to the Secret Group.

    Note: Suppose your backend service needs to load a database password and an API key for an external service. You can create a secret group for that backend service and add the database password and the API key as secrets under that secret group.

  3. Copy the FQN of the Secret you just created. The FQN is what you use to inject secrets into applications. The Secret FQN will always start with tfy-secret://.

Injecting Secrets as Environment Variables in an application

import logging

from servicefoundry import Build, Service, DockerFileBuild

logging.basicConfig(level=logging.INFO)

service = Service(
    name="my-service",
    # Build the image from the local Dockerfile.
    image=Build(build_spec=DockerFileBuild()),
    ports=[{"port": 8501}],
    env={
        "NODE_ENV": "prod",
        # The secret stored at tfy-secret://user:my-secret-group:my-secret
        # is exposed to the service as the MY_SECRET environment variable.
        "MY_SECRET": "tfy-secret://user:my-secret-group:my-secret",
    },
)

You can inject secrets as environment variables into services by adding them to the `servicefoundry.yaml` file:

name: my-service
components:
  - name: my-service
    type: service
    image:
      type: build
      build_source:
        type: local
      build_spec:
        type: dockerfile
    ports:
      - port: 8501
    env:
      NODE_ENV: prod
      # Resolved at deploy time; only the reference lives in this file.
      MY_SECRET: tfy-secret://user:my-secret-group:my-secret

After this, you can deploy your application by running servicefoundry deploy, and the value of the secret will be available in your service's environment as the environment variable MY_SECRET.
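The rule this page opens with (no plain-text secrets in configuration) can be enforced before deployment. The following is an added example, not Truefoundry's or the servicefoundry project's own code: it audits an env mapping like the one above and flags values that should have been tfy-secret:// references. The function names, the list of sensitive key names, and the entropy threshold are assumptions chosen for illustration.

```python
import math
import re
import sys

SECRET_PREFIX = "tfy-secret://"  # from the page: every Secret FQN starts with this
# Assumption: key names that usually hold credentials (illustrative heuristic).
SENSITIVE_NAME = re.compile(
    r"(SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL)", re.I
)
ENTROPY_THRESHOLD = 4.5  # assumption: bits per character for random-looking values

def shannon_entropy(value):
    """Bits per character of the string's empirical character distribution."""
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def audit_env(env):
    """Return (key, reason) findings for values that look like inline secrets."""
    findings = []
    for key, value in env.items():
        value = str(value)
        if value.startswith(SECRET_PREFIX):
            # A reference is fine, but a bare prefix points at nothing.
            if not value[len(SECRET_PREFIX):].strip():
                findings.append((key, "empty secret reference"))
            continue
        if SENSITIVE_NAME.search(key):
            findings.append((key, "sensitive name with literal value"))
        elif len(value) >= 20 and shannon_entropy(value) >= ENTROPY_THRESHOLD:
            findings.append((key, "high-entropy literal value"))
    return findings

# Constructed sample input; none of these values are real credentials.
SAMPLE_ENV = {
    "NODE_ENV": "prod",
    "BASE_URL": "https://api.example.com/v1/items",
    "MY_SECRET": "tfy-secret://user:my-secret-group:my-secret",
    "DB_PASSWORD": "hunter2-constructed",
    "UPSTREAM_AUTH": "q9Zx7Lk2Vb4Nw8Rt5Yp1Hs6Jd3Gf0Mc",
    "API_KEY": "tfy-secret://",
}

if __name__ == "__main__":
    results = audit_env(SAMPLE_ENV)
    for key, reason in results:
        print(f"{key}: {reason}")  # never print the value itself
    sys.exit(1 if results else 0)
```

Run as a pre-commit or CI step, the non-zero exit status blocks the change until the literal value is moved into a Secret Group and replaced by its FQN.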