Search
K
Links

Secrets vaults

Importing secrets from external secrets managers
You can import environment variables from Release Secrets Manager, AWS Secrets Manager, AWS Systems Manager Parameter Store (SSM), and GCP Secret Manager using the format $secrets.<provider abbreviation>.<secret_name> for the value. The key and secret will follow the same variable schema as any other secret environment variable:
key:
type: String
description: Env variable name
required: true
value:
type: String
description: Representation of the value to be fetched. $secrets.<provider_abbreviation>.<secret_name> format. If secret is true, and this field is omitted, will use previously saved value.
required: true (but hidden if secret)
secret:
type: Boolean
description: Value is secret and should be encrypted and not visible in the UI when viewing
required: false, but required for secrets manager imports
Here are the provider abbreviations:
Provider
Provider Abbreviation
Release Secrets Manager
rsm
AWS Secrets Manager
aws
AWS Systems Manager Parameter Store
ssm
GCP Secret Manager
gcp
If you are an AWS GovCloud user, contact us to enable beta access.

Referencing cloud secrets

Navigate to the Settings page and click the Edit button to modify the "Environment Variables" file. Paste the formatted value into the "Environment Variables" file, following the schema requirements. Ensure you set secret to true and choose a unique key value.
- key: TEST_SSM
value: $secrets.ssm.test
secret: true
- key: TEST_AWS
value: $secrets.aws.test
secret: true
- key: TEST_GCP
value: $secrets.gcp.test
secret: true
- key: TEST_RELEASE
value: $secrets.rsm.test
secret: true
Release will fetch and encode the values of the secrets before applying them.
Caution: To reset the fetched value, you must redeploy. An updated value in an external secrets manager will not update the stored encoded value.

Copying referenced secrets

Rather than formatting the value manually, you can copy the value from the Secrets page.
Select a secrets provider in the Secrets tab
Navigate to Settings -> Secrets. Select a secrets provider from the dropdown. Additional dropdowns for cloud integration and region will appear if relevant. Only cloud integrations with running clusters will be displayed in the dropdown for GCP, AWS, and SSM.
Click the copy icon to copy the formatted value.
Click the copy icon to get the formatted value

Creating Release secrets

Navigate to Settings -> Secrets. Select the Release logo from the dropdown menu. Click + Create Secret.
Click the Create Secret button
Fill out the key and value, then click Create Secret.

Creating AWS secrets

Navigate to Settings -> Secrets. Select the AWS logo from the dropdown menu. Additional dropdown menus for cloud integration and region will appear if relevant. Click + Create AWS Secret.
Two buttons appear if AWS secrets and SSM parameters are available for your account.
Fill out the Key/Name, Value, and Description fields. Click Create Secret. A success or error message will appear. Any parameter created here will have the tag {"created\_by" : "release"}.

Creating AWS Systems Manager Parameter Store parameters

Navigate to Settings -> Secrets. Select the AWS logo from the dropdown menu. Additional dropdown menus for cloud integration and region will appear if relevant. Click + Create SSM Parameter. Fill out the Key/Name and Value fields. Select a type from String, StringList, or SecureString.
Click Create Secret. A success or error message will appear. Any parameter created here will have the tag {"created\_by" : "release"}.

Creating GCP secrets

Navigate to Settings -> Secrets. Select the GCP logo from the first dropdown menu. Click + Create Secret.
Fill out the Key/Name and Value fields. Click Create Secret. A success or failure message will appear. Note that any secret created will have the label {"created\_by" : "release"}.