LogoLogo
  • Welcome to Release
  • Getting started
    • Quickstart
    • Create an account
    • Prepare to use Release
    • Create an application
      • Create custom application
      • Create from template
      • Servers vs runnables
    • Create an environment
  • Guides and examples
    • Domains and DNS
      • Manage domains
      • DNS and nameservers
        • Configure GoDaddy
        • Configure Cloudflare
        • Configure Namecheap
        • Other DNS hosts
      • Routing traffic
    • Example applications
      • Full stack voting app
      • Flask and RDS counter app
      • Static site with Gatsby
      • Golang with Postgres and Nginx
      • WordPress with MySQL
      • Spring and PostgreSQL
      • Terraform and Flask
      • OpenTelemetry demo
      • Load balancer with hostname
      • Static JavaScript service
      • SSH bastion access to services
      • ngrok and OAuth for private tunnels
      • Using OAuth Proxy
      • Hybrid Docker and static site
      • App Imports: Connecting two applications
      • Example library
    • Running instances
      • Cron jobs
      • Jobs
      • Using Helm charts
      • Using terminal
      • Viewing logs
      • Troubleshooting
        • ImagePullBackoff error
        • CrashLoopBackoff error
        • Exit codes
        • OOM: out of memory
    • Advanced guides
      • Containers guide
      • Application guide
      • Kubernetes guide
      • Create a cluster
      • Upgrade a cluster
      • Managing node groups
      • Patch node groups
      • Hostnames and rules
      • Serve traffic on multiple ports
      • Configure access to your K8s cluster
      • Designing for multiple environments
      • Microservices architecture
      • Monitoring your clusters
      • Performance tuning
      • Visibility and monitoring
      • Working with data
        • Container-based data
        • Seeding and migration
        • Cloud-provided data
        • Golden images
        • Third party
      • Pausing Instant Datasets
        • Application pausing schedules
        • Pause/resume environments
      • Infrastructure as code
        • Terraform
  • Reference documentation
    • Account settings
      • Account info
      • Managing users
      • Build settings
        • Build arguments
        • Build SSH keys
      • Add integrations
      • View clusters and cloud integrations
      • Add datasets
      • Environment handles
    • Workflows in Release
      • Stages of workflows
      • Serial deployments
      • Parallel deployments
      • Rolling deployments
      • Rainbow deployments
    • Networking
      • Network architecture (AWS)
      • Network architecture (GCP)
      • Ingresses
      • IP addresses
      • Cloud-provided services
      • Third-party services
    • Release environment versioning
    • Application settings
      • Application Template
        • Schema definition
      • Default environment variables
      • GitHub
      • Pull requests
      • GitOps
      • Just-in-time file mounts
      • Primary App Link
      • Create application FAQ
      • App-level build arguments
      • Parameters
      • Workspaces
    • End-to-end testing
    • Environment settings
      • Environment configuration
      • Environment variables
        • Environment variable mappings
        • Secrets vaults
        • Using Secrets with GitOps
        • Kubernetes Secrets as environment variables
        • Managing legacy Release Secrets
    • Environment expiration
    • Environment presets
    • Instant datasets on AWS
    • Instant datasets on GCP
    • Instant dataset tasks
      • Tonic Cloud
      • Tonic On-Premise
    • Cloud resources
    • Static service deployment
    • Helm
      • Getting started
      • Version-controlled Helm charts
      • Open-source charts
      • Building Docker images
      • Ingress and networking
      • Configuration
    • GitOps
    • The .release.yaml file
    • Docker Compose conversion support
    • Reference examples
      • Adding and removing services
      • Managing service resources
      • Adding database containers to the Application Template
      • Stock Off-The-Shelf Examples
    • Release API
      • Account Authentication
      • Environments API
        • Create
        • Get
        • Setup
        • Patch
      • User Authentication
      • Environment Presets API
        • Get Environment Preset List
        • Get Environment Preset
        • Put Environment Preset
  • Background concepts
    • How Release works
  • Frequently asked questions
    • Release FAQ
    • AWS FAQ
    • Docker FAQ
    • JavaScript FAQ
  • Integrations
    • Integrations overview
      • Artifactory integration
      • Cloud integrations (AWS)
        • AWS guides
        • Grant access to AWS resources
        • AWS how to increase EIP quota
        • Control your EKS fleet with systems manager
        • Managing STS access
        • AWS Permissions Boundaries
        • Private ECR Repositories
        • Using an Existing AWS VPC
        • Using an Existing EKS Cluster
      • Docker Hub integration
      • LaunchDarkly integration
      • Private registries
      • Slack integration
      • Cloud integrations (GCP)
        • GCP Permissions Boundary
      • Datadog Agent
      • Doppler Secrets Manager
      • AWS Secrets Management
    • Source control integrations
      • GitHub
        • Pull request comments
        • Pull request labels
        • GitHub deployments
        • GitHub statuses
        • Remove GitHub integration
      • Bitbucket
      • GitLab
    • Monitoring and logging add-ons
      • Datadog
      • New Relic
      • ELK (Elasticsearch, Logstash, and Kibana)
  • Release Delivery
    • Create new customer integration
    • Delivery guide
    • Release to customer account access controls
    • Delivery FAQs
  • Release Instant Datasets
    • Introduction
    • Quickstart
    • Security
      • AWS Instant Dataset security
    • FAQ
    • API
  • CLI
    • Getting started
    • Installation
    • Configuration
    • CLI usage example
    • Remote development environments
    • Command reference
      • release accounts
        • release accounts list
        • release accounts select
      • release ai
        • release ai chat
        • release ai config-delete
        • release ai config-init
        • release ai config-select
        • release ai config-upsert
      • release apps
        • release apps list
        • release apps select
      • release auth
        • release auth login
        • release auth logout
      • release builds
        • release builds create
      • release clusters
        • release clusters exec
        • release clusters kubeconfig
        • release clusters shell
      • release datasets
        • release datasets list
        • release datasets refresh
      • release deploys
        • release deploys create
        • release deploys list
      • release development
        • release development logs
        • release development start
      • release environments
        • release environments config-get
        • release environments config-set
        • release environments create
        • release environments delete
        • release environments get
        • release environments list
        • release environments vars-get
      • release gitops
        • release gitops init
        • release gitops validate
      • release instances
        • release instances exec
        • release instances logs
        • release instances terminal
  • Release.ai
    • Release.ai Introduction
    • Getting Started
    • Release.ai Templates
    • Template Configuration Basics
    • Using GPU Resources
    • Custom Workflows
    • Fine Tuning LlamaX
    • Serving Inference
Powered by GitBook
On this page
  • Referencing cloud secrets
  • Copying referenced secrets
  • Creating Release secrets
  • Creating AWS secrets
  • Creating AWS Systems Manager Parameter Store parameters

Was this helpful?

  1. Reference documentation
  2. Environment settings
  3. Environment variables

Secrets vaults

Importing secrets from external secrets managers

You can import environment variables from Release Secrets Manager, AWS Secrets Manager, AWS Systems Manager Parameter Store (SSM), and GCP Secret Manager using the format $secrets.<provider abbreviation>.<secret_name> for the value. The key and secret will follow the same variable schema as any other secret environment variable:

key:
  type: String
  description: Env variable name
  required: true
value:
  type: String
  description: Representation of the value to be fetched. $secrets.<provider_abbreviation>.<secret_name> format. If secret is true, and this field is omitted, will use previously saved value.
  required: true (but hidden if secret)
secret:
  type: Boolean
  description: Value is secret and should be encrypted and not visible in the UI when viewing
  required: false, but required for secrets manager imports

Here are the provider abbreviations:

Provider
Provider Abbreviation

Release Secrets Manager

rsm

AWS Secrets Manager

aws

AWS Systems Manager Parameter Store

ssm

GCP Secret Manager

gcp

If you are an AWS GovCloud user, contact us to enable beta access.

Referencing cloud secrets

Navigate to the Settings page and click the Edit button to modify the "Environment Variables" file. Paste the formatted value into the "Environment Variables" file, following the schema requirements. Ensure you set secret to true and choose a unique key value.

- key: TEST_SSM
  value: $secrets.ssm.test
  secret: true
- key: TEST_AWS
  value: $secrets.aws.test
  secret: true
- key: TEST_GCP
  value: $secrets.gcp.test
  secret: true
- key: TEST_RELEASE
  value: $secrets.rsm.test
  secret: true

Release will fetch and encode the values of the secrets before applying them.

Caution: To reset the fetched value, you must redeploy. An updated value in an external secrets manager will not update the stored encoded value.

Copying referenced secrets

Rather than formatting the value manually, you can copy the value from the Secrets page.

Navigate to Configuration -> Secrets. Select a secrets provider tab. Additional dropdowns for cloud integration and region will appear if relevant. Only cloud integrations with running clusters will be displayed in the dropdown for GCP, AWS, and SSM.

Click the copy icon to copy the formatted value.

Creating Release secrets

Navigate to Configuration -> Secrets. Select the Release tab. Click Create Release Secret.

Fill out the key and value, then click the ✔.

Creating AWS secrets

Navigate to Configuration -> Secrets. Select the AWS logo from the dropdown menu. Additional dropdown menus for cloud integration and region will appear if relevant. Click + Create AWS Secret.

Fill out the Key/Name, Value, and Description fields. Click Create Secret. A success or error message will appear. Any parameter created here will have the tag {"created\_by" : "release"}.

Creating AWS Systems Manager Parameter Store parameters

Navigate to Configuration -> Secrets. Select the AWS logo from the dropdown menu. Additional dropdown menus for cloud integration and region will appear if relevant. Click + Create SSM Parameter. Fill out the Key/Name and Value fields. Select a type from String, StringList, or SecureString.

Click Save. A success or error message will appear. Any parameter created here will have the tag {"created\_by" : "release"}.

PreviousEnvironment variable mappingsNextUsing Secrets with GitOps

Last updated 1 month ago

Was this helpful?

Copy a secret
Create a secret
Create a secret
Two buttons appear if AWS secrets and SSM parameters are available for your account.