Secrets Manager
Goal
Providing a safe and secure way of storing sensitive values that are used by a Corvid site (in user code). This comes as an alternative to hard-coding such values in backend code, which was the safest way to limit access to those keys to the site's code and the site owner only.
Concepts
Secret
A secret is composed of the following fields:
name - mandatory. Used to retrieve the secret value.
value - mandatory. The sensitive value we'd like to use in user code.
description - optional. Some human-friendly description of the secret (e.g., "github token").
id - read-only. The id assigned to the secret value by the Secrets Manager. It does not change (contrary to the name, which might be updated by the user). Used for all API operations, except for getting a secret by name.
created_at, updated_at - timestamps of creation and last update of the secret (partial or full).
Using a secret value
Apart from managing the keys in the Business-Manager "Secrets Manager" section, the secret value can be consumed by Corvid backend code, using the Secrets EDM.
Returns the secret value stored against the given name
Returns a list of info objects, describing each secret without its value
Creates a new secret
Updates all the fields of an existing secret at once
Deletes an existing secret
Updates some or all of the fields of an existing secret
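The operations listed above can be modelled in a few lines of JavaScript. This is an added example, not Wix's or the Secrets Manager's own code. The class name, method names, id format, unique-name rule and the choice to reset an omitted description on a full update are all assumptions made for illustration.

```javascript
// Illustrative in-memory model; names are hypothetical, not the Secrets Manager's API.
class SecretStore {
  constructor() { this.byId = new Map(); this.nextId = 1; }
  mustGet(id) {
    const secret = this.byId.get(id);
    if (!secret) throw new Error('unknown secret id');
    return secret;
  }
  // name and value are mandatory; unique names are an assumption of this model.
  check({ name, value }, selfId) {
    if (typeof name !== 'string' || name === '') throw new Error('name is mandatory');
    if (typeof value !== 'string' || value === '') throw new Error('value is mandatory');
    for (const s of this.byId.values()) {
      if (s.name === name && s.id !== selfId) throw new Error('name already in use');
    }
  }
  create({ name, value, description = '' }) {
    this.check({ name, value });
    const now = new Date().toISOString();
    const id = `secret-${this.nextId++}`; // constructed id format
    this.byId.set(id, { id, name, value, description, created_at: now, updated_at: now });
    return id;
  }
  // The only read path that returns the sensitive value.
  getValue(name) {
    for (const s of this.byId.values()) if (s.name === name) return s.value;
    throw new Error('no secret with that name');
  }
  // Info objects: every field except the value.
  list() {
    return [...this.byId.values()].map(({ value, ...info }) => info);
  }
  // Full update: all user-settable fields are replaced at once.
  replace(id, { name, value, description = '' }) {
    this.write(id, { name, value, description });
  }
  // Partial update: only supplied fields change; id and created_at are ignored.
  patch(id, changes) {
    const { name, value, description } = { ...this.mustGet(id), ...changes };
    this.write(id, { name, value, description });
  }
  write(id, fields) {
    const current = this.mustGet(id);
    this.check(fields, id);
    this.byId.set(id, { ...current, ...fields, updated_at: new Date().toISOString() });
  }
  delete(id) {
    if (!this.byId.delete(id)) throw new Error('unknown secret id');
  }
}
```

Because every operation except the lookup by name is keyed on the id, renaming a secret changes what backend code must ask for but not which record the management calls address.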