Secrets

Creating secrets for your application

Opta provides built-in secret management for your applications. Any secrets like database passwords, api keys, should not be written in the code (including opta.yaml) because if the code is leaked accidentally, your infrastructure is exposed to hackers.

Opta enables you to store these in an encrypted fashion inside the kubernetes cluster. To use the secrets functionality use the opta secret command.

For this example, we can reuse the service defined in the Getting Started guide.

# hello.yaml
name: hello
environments:
  - name: staging
    path: "opta.yaml"
modules:
  - type: k8s-service
    name: hello
    port:
      http: 80
    image: ghcr.io/run-x/hello-opta/hello-opta:main
    healthcheck_path: "/"
    public_uri: "/hello"

  1. Create or update a secret with the secret update command

    opta secret update -c hello.yaml MY_SECRET_1 "value_1"
    
    Success
    

    Note: Opta will restart the service for the secrets to be updated in real time, if that’s not desirable use the --no-restart flag.

  2. Or if you want to create multiple secrets, use the secret bulk-update command

    # example of .env file containing secrets
    cat secrets.env 
    MY_SECRET_2=value_2
    MY_SECRET_3=value_3
    
    opta secret bulk-update -c hello.yaml secrets.env
    
    Success
    

    Note: Opta will restart the service for the secrets to be updated in real time, if that’s not desirable use the --no-restart flag.

  3. List all secrets with the secret list command

    opta secret list -c hello.yaml
    
    MY_SECRET_1=value_1
    MY_SECRET_2=value_2
    MY_SECRET_3=value_3
    
  4. View a secret value with the secret view command

    opta secret view -c hello.yaml MY_SECRET_1
    
    value_1
    
  5. View a secret value at runtime

    # shell into a service and view the environment variables
    # the application can use these
    opta shell -c hello.yaml
    env | grep MY_SECRET_
    MY_SECRET_1=value_1
    MY_SECRET_2=value_2
    MY_SECRET_3=value_3
    

Last modified May 23, 2022 : Docs for new release (#191) (ba6432d)