GuidesAPI Reference
Log In
Guides

Secrets

Suggest Edits

Prodvana provides secret storage that allows you to securely pass secret values to your Services. Secrets are encrypted at rest with an organization-specific key. For more details on how we store secrets check out Security.

When you create a secret, you will give it a unique name. Every time you update the secret, a new version will be created. You can then use the secret name and version pair to refer to that secret in your Prodvana
configuration.

By versioning secrets, you can safely update a secret in use by a service without breaking currently deployed instances. This also ensures you can roll back services to a previous version if necessary.

Creating and Updating Secrets

To create a new secret, or update an existing one use the pvnctl secrets set command.

$ pvnctl secrets set my-secret "secret value"
Created secret version: my-secret-0

Alternatively, you can pass the secret value through stdin:

$ echo "new secret value" | pvnctl secrets set my-secret
Created secret version: my-secret-1

Deleting Secrets

You can delete a specific secret version with pvnctl secrets delete-version

$ pvnctl secrets delete-version my-secret my-secret-0
Secret version deleted.

Or you can delete all versions of a secret with pvnctl secrets delete:

$ pvnctl secrets delete my-secret
Secret deleted.

🚧

Deleting an older secret version may make rollbacks unsafe -- a older secret version may be referenced in a past config.

Listing Secrets

You can list your existing secrets with pvnctl secrets list:

KEY                                                             LATEST VERSION                                            
integrations/DOCKER_REGISTRY/dockerhub                          integrations/DOCKER_REGISTRY/dockerhub-0                  
integrations/DOCKER_REGISTRY/ecr-prodvana-test                  integrations/DOCKER_REGISTRY/ecr-prodvana-test-1          
integrations/DOCKER_REGISTRY/pvn-gcr                            integrations/DOCKER_REGISTRY/pvn-gcr-0                    
integrations/GITHUB/github                                      integrations/GITHUB/github-1                                                                               
pvn/runtimes/rtm-95f9ab9583d94b7a9ff36391f3ee129a/access        pvn/runtimes/rtm-95f9ab9583d94b7a9ff36391f3ee129a/access-0
my-secret                                                       my-secret-2

📘

You may see some existing secrets with prefixes like integrations/. These secrets are used internally for Prodvana integrations.

Listing a Secret's Versions

To see all existing versions of a secret, you can use pvnctl secrets list-versions

$ pvnctl secrets list-versions my-secret
Version    
my-secret-4
my-secret-3
my-secret-2

Updated 12 months ago