Secrets
Secrets provide a way to store confidential data on Neu.ro, be it passwords, access keys, tokens, etc. You can use secrets in jobs to securely access some external services. Neu.ro secrets are based Kubernetes secrets. You can manage secrets both through Neu.ro CLI and the Web UI.
Creating secrets
Creating secrets through the CLI
To create a secret from the Neu.ro CLI, use the neuro secret add
command:
This will create a secret with a key secret-password and a value of p@$$w0rd123.
You can also point to an existing file with the required value when creating a secret by using the @
notation:
Creating secrets through the Web UI
To create a secret from the Neu.ro Web UI:
Log in to Neu.ro
Go to the Secrets tab:
Click Add:
Enter the secret's name, value, and click Save:
The new secret will be added to the list of your secrets:
Using secrets
There are two ways to use secrets in jobs - as a file and as an environment variable. Let's look how to do this in the CLI and in the Web UI.
Using secrets through the CLI
To use a secret as a file in your job, provide its location in a --volume
parameter when running a job. For example:
To use a secret as an environment variable, declare it through the --env
parameter when running a job:
Now, depending on which method you chose, you can access the secret from within your job by either referring to its location /var/secrets/secret-password.txt
or reading the value of the mypass
environment variable.
Using secrets through the Web UI
To use a secret through the Web UI:
Log in to Neu.ro
On your dashboard, click RUN A JOB on a widget you want to work with. We'll use Terminal in this example:
In the newly-opened window, click ADD NEW SECRET:
Select the type of secret you want to use and the secret's key from the drop-down list. Then, depending on the type of secret you selected, enter the name of the environment variable or the path to the secret's file:
When ready, click RUN. You will be able to use the secret within a job run in this way.
Sharing secrets
You can share secrets through the CLI by using the neuro acl grant
command. The syntax is neuro acl grant secret:<key> <username> <access-level>
. For example:
This will give Bob the access to use the secret-password
secret in their jobs.
You can also use the neuro share
command as an alias for neuro acl grant
:
Keep in mind that, at this point in time, secret sharing is implemented in such a way that Bob won't be able to see this secret in their list of secrets when running neuro secret ls
. To check if they have access rights to use this secret, Bob will need to run neuro acl list
and search the output for the corresponding secret's URI. For example, if the secret was created by Alice, the URI will look like this:
Deleting secrets
Deleting secrets through the CLI
To delete a secret, run the neuro secret rm
command:
To check that the secret was removed, run the neuro secret ls
command to list all your current secrets:
Deleting secrets through the Web UI
Go to the Secrets tab.
Click the trash bin icon to the right of the secret you want to delete:
Click the check mark icon to confirm the changes:
Last updated