Secrets
This provider allows you to inline the secrets directly into your config using public-private key encryption.
Configuration
⚠️
Never commit your private key to git
| Field | Value |
|---|---|
| Algorithm | Currently only RSA is supported |
| Padding | The padding to use. One of OaepSHA256, OaepSHA512. Pkcs1 |
| PublicKey | The value of the public key inlined as a string |
| PublicKeyPath | Path to the .pem file of the public key |
| PrivateKey | The value of the private key inlined as a string |
| PrivateKeyPath | Path to the .pem file of the private key |
The public and private key must either be directly set or the path to the .pem file must be supplied.
The inlined key takes precedence over the file.
Sample using inline keys
.confixrc
{
"project": {
"variableProviders": [
{
"name": "secret",
"type": "secret",
"publicKey": "-----BEGIN PUBLIC KEY-----\nMIGe...\n----END PUBLIC KEY-----",
"privateKey": "-----BEGIN RSA PRIVATE KEY-----\nMII...\n-----END RSA PRIVATE KEY-----"
}
]
}
}Sample using files
.confixrc
{
"variableProviders": [
{
"name": "secret",
"type": "secret",
"publicKeyPath": "./keys/public.pem",
"privateKeyPath": "./keys/private.pem"
}
]
}Usage
Encrypt a value
confix variable set '$secrets:irrelevant' 'my-secret-value'confix variable set '$secrets:irrelevant' 'my-secret-value'
...
✓ Variable $secret:K2b8F2zG9HpJxMImaYwlf0ByzArc... set successfully.use the output as the variable in your configuration
my-settings.json
{
"myValue": "$secret:K2b8F2zG9HpJxMImaYwlf0ByzArc..."
}