Secrets Management

Secrets Management

Secrets management allows users to securely store and manage API keys and tokens that applications use to authenticate to external services.

It is important to ensure that secrets are kept up-to-date and are only accessible to authorized personnel to maintain the security of your integrations.

List all secrets through the CLI using admyral secret list.

Secrets are always stored as key-value pairs where both, the key and the value, are strings. A secret consists of one or more key-value pairs.

The following terms are important to understand for users:

  • Secret: A secret consists of multiple key-value pairs of strings.

  • Secret Placeholder: If an action requires one or more secrets, it defines for each secret a secret placeholder for each secret it needs. The secret mapped to the placeholder is then used in the action logic in place of the placeholder.

    @action(
	display_name="Send Slack Message",
	display_namespace="Slack",
	# Secret placeholders are defined in the action decorator
	secrets_placeholders=["SLACK_SECRET"],
)
def send_slack_message(...):
	# Usage of the secret mapped to the secret placeholder
	secret = ctx.get().secrets.get("SLACK_SECRET")
	api_key = secret["api_key"]
	...

  • Secret Mapping: Actions requiring secrets, such as integrations, define secret placeholders. For each secret placeholder, the user needs to define which secret the action should use in place of the secret placeholder. This is defined via the secret mapping either in the workflow function as code or in the UI in the action edit side panel.

Adding and Using New Secrets in Workflows

Secrets can easily be added via the CLI. You define key-value pairs by appending --value followed by a key-value assignment: key=value.

Example:

admyral secret set your_secret --value key1=value1 --value key2=value2

You can then use the secret, e.g. your_secret is slack_secret, as follows:

Some actions (e.g., integrations) require access to secrets. In order to give a secret access to a secret, you pass the name of the secret you want to use to the action via the secrets mapping which maps a secret (slack_secret) to a secret placeholder (SLACK_SECRET) defined by the action. If an action requires a secret, it is specified in the documentation.

@workflow(
	description="example_workflow",
	triggers=[Webhook()],
)
def slack_send_message(payload: dict[str, JsonValue]):
	send_slack_message(
		channel_id="C0000000000",
		text="This is how secrets are used within code.",
		# Define the secrets mapping
		secrets={
			# we pass the slack_secret to the action by
			# mapping it to the corresponding secret placeholder
			# which is defined by the action.
			"SLACK_SECRET": "slack_secret"
		},
	)

Deleting Existing Secrets

Delete a secret through the CLI:

admyral secret delete your_secret
List AlertsRun History