Secrets
Any meaningful application needs an assortment of sensitive configuration whether third-party API keys, database credentials, encryption keys, and more. Nullstone provides a secure secrets management system using your cloud accounts to store these secrets. Nullstone automatically injects secrets into your applications through environment variables.
Add automated secrets
Nullstone comes with a rich catalog of modules that automatically generate secrets before injecting into your applications.
Database Access
When you connect an application to a database using Nullstone modules, Nullstone grants database access by generating a set of user credentials. This user is granted specific permissions based on the module chosen.
Grant access to a database from the Datastores tab in your application.
Once granted, click Update. In the Launch/Update screen, you will see additional environment variables injected into the app. This example shows access to a postgres cluster.
Cookie Encryption
Many web application frameworks manage stateless sessions using encrypted cookies. In order to deploy these apps to production, they require an encryption key.
Typically, each framework has a terminal command to generate a secret. Then, you add these configuration values as plain-text into the application's environment variables. Instead, Nullstone provide capabilities to do this for you automatically.
To create an encryption key in your app in Nullstone, go to the Capabilities tab and click Add Capability. Select the "secrets" filter at the top. Choose the correct module based on your framework:
- Rails -
SECRET_KEY_BASE for Rails Cookies
- Elixir -
SECRET_KEY_BASE for Rails Cookies
- Python -
SECRET_KEY for Python Cookies
- Laravel -
APP_KEY for Laravel
TIP
These will automatically inject an environment variable that each framework understands. Remove any conflicting environment variables from your application configuration.
Create-your-own automated secrets
If you are inspired by the automated secrets above, you can extend Nullstone to create and inject other secrets.
These are done through Terraform modules that attach to applications called Capabilities. Visit the Extending > Capabilities section to learn how to create a capability module.
Here are example modules for reference:
Add manual secrets
If you want to manually add a secret, you can do so by adding to environment variables. By marking as sensitive, the values will be write-only and not reappear in the UI.