I love writing about features that take only a few sentences to introduce! Today, I am excited to tell you about Cloud 66 Secrets. Frankly, there is not much I can write about, because this is a feature that's easy to understand for all developers and we made it so easy to use that you will be up and running in minutes. But I'm going to try and write everything you might need to know about Cloud 66 Secrets here, so let's go!
What are Cloud 66 Secrets?
Ok, first: What are Cloud 66 Secrets? Cloud 66 Secrets are application level secrets that are stored and transferred encrypted from our servers to yours. They use a brand new API that was built with security at its core. You can use Secrets to store any sensitive information that your application needs, such as API keys, database passwords, and other sensitive information.
Where can set up Cloud 66 Secrets?
Secrets are per application and can be found under Settings / Variables / Secrets. There you can add, edit and remove secrets for your application.
How do I use Cloud 66 Secrets?
Secrets are available to all of your applications as files in the /mnt/cloud66/secrets
directory. You can use them in your application by reading the files from this directory. Each file in this directory is a file, named after the secret key, and contains the secret value. This is the same for Rails and containerized applications.
When you update the value of a Secret or add a new one, the changes are immediately available as files in the
/mnt/cloud66/secrets
directory. If your application reads the value of the secret from this directory, it will automatically pick up the new value. However, if you have a long-running process that reads the value of the secret once and caches it, you will need to restart the process to pick up the new value.
When should I use Secrets vs Environment Variables vs ConfigStore?
Cloud 66 supports three different methods to store and transfer sensitive information to your application:
- Environment Variables: These are the most common way to pass information to your applications. They use Linux environment variables which makes them easy to use across all languages and frameworks. However, they are not encrypted and can be read by anyone with access to the server. Also, Linux processes load environment variables when they start and do not pick up changes to the environment variables without a restart.
- ConfigStore: This is a Cloud 66 feature that allows you to store and transfer sensitive information to your application. ConfigStore is encrypted and can be used to store sensitive information that you want to share between multiple applications. ConfigStore is available both at the application level and the account level. This means you can set values in ConfigStore that can be shared between all of your applications. This is useful for things like API keys that are shared between multiple applications. You can reference ConfigStore values in your Environment Variable values by using the
_configstore()
function. Read more about ConfigStore here - Secrets: Secrets are the most secure way to store and transfer sensitive information to your application. They are encrypted and are available as files in the
/mnt/cloud66/secrets
directory. Secrets are application level and are not shared between applications.
To enable Secrets you should run the required application update. To read more about Secrets, visit our help page.
Cloud 66 Secrets is available to all Cloud 66 customers on our new pricing plans. If you are not on our new pricing plans, you can upgrade your account from the Cloud 66 dashboard.