recipe_secrets
2 sites
Security covered
Recipe secrets module allows the use of secrets in configuration files imported from a recipe. It retrieves secret values from a .env file, ensuring sensitive data remains secure and separate from the exported configuration. This improves security and flexibility by preventing hardcoded credentials in configuration management.
Features
- Automatically replaces placeholders in configuration files with values from a .env file.
- Load different secrets for different environments without modifying configuration files.
- Works within the configuration import process to apply secrets dynamically.
Usage
- Enable the Module: Ensure that the Recipe Secrets module is activated before importing configurations by your recipe.
- Define Secrets in the `.env` File: Create or update your `.env` file with the required secret values.
- Reference Secrets in Your Configuration Files
API_KEY=your-api-key-here
DB_PASSWORD=your-secure-passwordUse the `!secret` syntax to reference secrets in your YAML configuration files.
The module will automatically replace these references with values from the `.env` file during the import process.
pi.settings:
api_key: '!secret {{API_KEY}}'
database:
password: '!secret {{DB_PASSWORD}}'