Secrets Usage

Recipes rely on vault secrets to protect and encrypt the credentials for toolchain connections.

See Vault and Secrets for an overview of vaults.

DataOps Automation leverages v1.1 of HashiCorp's Vault.

Vault secret syntax

• When referencing secrets in recipes or kitchens use #{ } syntax.
• It's best practice to construct vault paths with lowercase characters.
• It recommended to group secrets under subpaths. For example, all Docker Hub related secrets may be grouped together under a /dockerhub subpath.

Syntax examples

#{vault://my_secret_example}

#{vault://dockerhub/username}

#{vault://s3_storage/access_key}

Tip

In an organization that supports multiple release environments, you may want to construct vault paths so that Automation can use the same paths to compile recipe variables and retrieve secret values in Dev vaults and Prod vaults.

Vault secrets in recipes

You can insert vault secrets into recipes with the Use Secret drop-down list.

See Insert Secrets in Recipes for information on how to use secrets in recipes.

Tip

While vault secrets can be inserted in recipe configuration files, it's a best practice to use vault secrets once at the kitchen level. Define them as variables, and then use the variables wherever the relevant vault secrets are needed.