You can set any property of a service component as a secret. This is useful when you do not want to expose sensitive data (e.g., a database password) as plain text in the topology description.
How to use
Step 1. Set a property as secret
- Open the properties menu of any component (e.g., the root_password property of the
- Select Set as secret.
- Save the application.
Step 2. Input the secret value
- Select the Setting tab.
- The root_password secret was created in Step 1 but has no value. Select it.
- Input the value (e.g.,
Only users from Open Telekom Cloud with the Tenant Administrator role in the same project have permission to view and edit the secret value.
The topology description shows that the root_password property gets an input from the
When the application is deployed, the root_password property will be resolved with the secret value.
How secure are my secrets?
- In step 2, the designer uses the authentication token of the user to encrypt the secret. During the deployment, the orchestration engine uses the user authentication token to decrypt the secret.
- This means the system works on behalf of the user to encrypt and decrypt a given secret. Without the authentication token from a user with the Tenant Administrator role in the same project, the system itself cannot decrypt the secrets. Therefore, our secret management system is more secure than simply encrypting the data with a symmetric key.