Secret management with the CLI
Overview
In some cases, you might not want to provide a plain text string for configuration options. For example, is a good practice to not include API tokens or other kind of sensitive information on code-versioning repositories when using Monitors as Code.
Using the Monte Carlo CLI you create and manage account specific secrets. These secrets can then be referenced in specific parts of the product instead of using plain text strings.
Usage
Create
Create a secret using the secrets create
command:
montecarlo secrets create --name my_new_secret --scope <a secret scope>
name
: provides a name to identify the secret. Can only includea-z
,A-Z
,0-9
,_
, or-
characters, and be up to 64 characters in length.scope
: provides a context of use for the secret. Secrets scoped tonotifications
will only be usable in the context of notification settings, while those inglobal
will be available in all contexts. When a configuration option accepts a secret reference, it will declare the supported scopes (in addition toglobal
).description
: (Optional) a description for your secret.expires-at
: (Optional) a date when the secret should no longer be returned and becomes unavailable for use.
You will be prompted for the secret value. The secret value will never be displayed except when using the secrets get
command described below while having the appropriate permissions.
There can be other supported options when creating a secret, please use the --help
option on the secrets create
command for additional options.
Read
Get a secret details using the secret get
command:
montecarlo secrets get --name my_new_secret [--reveal]
name
: the secret namereveal
: if provided, only the secret value will be returned.
The secret value can only be read by Account Owners, or by the user that crated the secret.
Other commands
Use montecarlo secrets --help
to list other commands to manage secrets.
Referencing secrets
At the moment, only a specific set of configuration options allow to reference secrets. The documentation for those options will indicate if a secret reference is accepted.
To reference a secret, use {secret:<secret name}
for the configuration option value.
The list below provides a non-comprehensive list of some of the currently supported options:
Option | Scopes (in addition to global ) | Where can it be used |
---|---|---|
PagerDuty routing_key | notifications | Notifications as Code |
Opsgenie api_key | notifications | Notifications as Code |
Webhook secret | notifications | Notifications as Code |
Updated 4 months ago