Prodvana provides secret storage that allows you to securely pass secret values to your services. Secrets are encrypted at rest with a customer-specific key. For more details on how we store secrets, check out Security.
When you create a secret, you will give it a unique name. Every time you update the secret, a new version will be created. You can then use the secret name and version pair to refer to that secret in your Prodvana
By versioning secrets, you can safely update a secret in use by a service without breaking currently deployed instances. This also ensures you can roll back services to a previous version if necessary.
Creating and Updating Secrets
To create a new secret, or update an existing one, use the pvnctl secrets set command.
$ pvnctl secrets set my-secret "secret value"
Created secret version: my-secret-0
Alternatively, you can pass the secret value through stdin:
$ echo "new secret value" | pvnctl secrets set my-secret
Created secret version: my-secret-1
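An added example, not part of Prodvana's documentation: a POSIX shell helper that feeds a secret to pvnctl secrets set over stdin from a permission-checked file and prints the version id parsed from the output. The helper name set_secret_from_file and the file-mode policy are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not Prodvana's code. It relies only on the stdin form of
# `pvnctl secrets set` and the "Created secret version:" line shown above.
# set_secret_from_file is a hypothetical helper name.

# Usage: set_secret_from_file NAME FILE   (prints the new version id)
# The value reaches pvnctl on stdin, so it never appears in argv (readable
# through process listings) or in shell history.
set_secret_from_file() (
  name=$1 file=$2
  [ -f "$file" ] || { echo "no such file: $file" >&2; exit 2; }

  # Refuse files that group or others can access (expect 600 or 400).
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file") || exit 2
  case "$mode" in
    *00) ;;
    *) echo "refusing $file: mode $mode is too permissive" >&2; exit 3 ;;
  esac

  # $(...) drops trailing newlines, so a newline added by an editor does not
  # become part of the stored value. (Assumption: the page does not say
  # whether pvnctl trims its input.) printf is a shell builtin, so the
  # value is not exposed as an external command's argument.
  value=$(cat "$file")
  out=$(printf '%s' "$value" | pvnctl secrets set "$name") || exit 4

  # Extract the version id so it can be pinned in service configuration.
  case "$out" in
    *"Created secret version: $name-"*) ;;
    *) echo "unexpected pvnctl output" >&2; exit 5 ;;
  esac
  printf '%s\n' "${out##*Created secret version: }"
)
```

Capturing the printed version id lets a deploy script reference the exact name and version pair it just created.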
You can delete a specific secret version with pvnctl secrets delete-version:
$ pvnctl secrets delete-version my-secret my-secret-0
Secret version deleted.
Or you can delete all versions of a secret with pvnctl secrets delete:
$ pvnctl secrets delete my-secret
Secret deleted.
Deleting an older secret version may make rollbacks unsafe, because an older secret version may be referenced in a past config.
You can list your existing secrets with pvnctl secrets list:
KEY                                                       LATEST VERSION
integrations/DOCKER_REGISTRY/dockerhub                    integrations/DOCKER_REGISTRY/dockerhub-0
integrations/DOCKER_REGISTRY/ecr-prodvana-test            integrations/DOCKER_REGISTRY/ecr-prodvana-test-1
integrations/DOCKER_REGISTRY/pvn-gcr                      integrations/DOCKER_REGISTRY/pvn-gcr-0
integrations/GITHUB/github                                integrations/GITHUB/github-1
pvn/runtimes/rtm-95f9ab9583d94b7a9ff36391f3ee129a/access  pvn/runtimes/rtm-95f9ab9583d94b7a9ff36391f3ee129a/access-0
my-secret                                                 my-secret-2
You may see some existing secrets with prefixes like integrations/. These secrets are used internally for Prodvana integrations.
Listing a Secret's Versions
To see all existing versions of a secret, you can use pvnctl secrets list-versions:
$ pvnctl secrets list-versions my-secret
Version
my-secret-4
my-secret-3
my-secret-2
Updated 2 months ago