Secrets vaults
Importing secrets from external secrets managers
You can import environment variables from Release Secrets Manager, AWS Secrets Manager, AWS Systems Manager Parameter Store (SSM), and GCP Secret Manager using the format $secrets.<provider abbreviation>.<secret_name>
for the value. The key and secret will follow the same variable schema as any other secret environment variable:
Here are the provider abbreviations:
Release Secrets Manager
rsm
AWS Secrets Manager
aws
AWS Systems Manager Parameter Store
ssm
GCP Secret Manager
gcp
If you are an AWS GovCloud user, contact us to enable beta access.
Referencing cloud secrets
Navigate to the Settings page and click the Edit button to modify the "Environment Variables" file. Paste the formatted value into the "Environment Variables" file, following the schema requirements. Ensure you set secret
to true
and choose a unique key value.
Release will fetch and encode the values of the secrets before applying them.
Caution: To reset the fetched value, you must redeploy. An updated value in an external secrets manager will not update the stored encoded value.
Copying referenced secrets
Rather than formatting the value manually, you can copy the value from the Secrets page.
Navigate to Configuration -> Secrets. Select a secrets provider tab. Additional dropdowns for cloud integration and region will appear if relevant. Only cloud integrations with running clusters will be displayed in the dropdown for GCP, AWS, and SSM.
Click the copy icon to copy the formatted value.
Creating Release secrets
Navigate to Configuration -> Secrets. Select the Release tab. Click Create Release Secret.
Fill out the key and value, then click the ✔
.
Creating AWS secrets
Navigate to Settings -> Secrets. Select the AWS logo from the dropdown menu. Additional dropdown menus for cloud integration and region will appear if relevant. Click + Create AWS Secret.
Fill out the Key/Name, Value, and Description fields. Click Create Secret. A success or error message will appear. Any parameter created here will have the tag {"created\_by" : "release"}
.
Creating AWS Systems Manager Parameter Store parameters
Navigate to Settings -> Secrets. Select the AWS logo from the dropdown menu. Additional dropdown menus for cloud integration and region will appear if relevant. Click + Create SSM Parameter. Fill out the Key/Name and Value fields. Select a type from String, StringList, or SecureString.
Click Create Secret. A success or error message will appear. Any parameter created here will have the tag {"created\_by" : "release"}
.
Creating GCP secrets
Navigate to Settings -> Secrets. Select the GCP logo from the first dropdown menu. Click + Create Secret.
Fill out the Key/Name and Value fields. Click Create Secret. A success or failure message will appear. Note that any secret created will have the label {"created\_by" : "release"}
.
Last updated