Secrets
Overview
There can be times when the data required in the Kelvin SmartApp™ is too sensitive to store in plain text in the app itself.
This can be in cases where you need to use a password or token to access a third party resource or asset or confidential information that you want to displayed but don't want it stored within the app itself.
The secrets are stored in the Cloud Server through the Kelvin SDK library.
Once a secret is store on the Cloud Server then your Kelvin SmartApp™ can dynamically access these as environment variables as long as your app YAML file has properly declare them. This gives you full control over what secrets are exposed to each Kelvin SmartApp™.
Create Secret
In this example we will save a phrase "This is a really big secret!" as the name demosecret.
The name can only contain lowercase alphanumeric characters and ., _ or - characters. The phrase can be anything.
curl -X 'POST' \
'https://<url.kelvin.ai>/api/v4/secrets/create' \
-H 'Authorization: Bearer <Your Current Token>' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"name": "demosecret",
"value": "This is a really big secret!"
}'
The response will look like this;
{
"name": "demosecret"
}
from kelvin.api.client import Client
# Login
client = Client(config={"url": "https://<url.kelvin.ai>", "username": "<your_username>"})
client.login(password="<your_password>")
# Create Secret
response = client.secret.create_secret(name="demosecret", value="This is a really big secret!")
print(response)
You will see the output like this;
name='demosecret'
kelvin secret create demosecret --value="This is a really big secret!"
If everything went well you will get the confirmation response like this;
[kelvin.sdk][2024-03-19 20:00:45][I] Creating secret "demosecret" on the platform
Delete Secret
In this example we will delete the secret name demosecret.
You can not edit a secret. If you need to update a secret, just delete and create it again with the new value.
curl -X 'POST' \
'https://<url.kelvin.ai>/api/v4/secrets/demosecret/delete' \
-H 'Authorization: Bearer <Your Current Token>' \
-H 'accept: application/json' \
-d ''
The response code will be 200 or an error code from 4XX.
from kelvin.api.client import Client
# Login
client = Client(config={"url": "https://<url.kelvin.ai>", "username": "<your_username>"})
client.login(password="<your_password>")
# Delete Secret
response = client.secret.delete_secret(secret_name="demosecret")
print(response)
You will see the output like this;
None
kelvin secret delete demosecret
You will need to confirm the delete process and if everything went well you will get the confirmation response like this;
[kelvin.sdk][2024-03-19 21:08:12][I] Deleting secret(s) "demosecret" from the platform
[kelvin.sdk][2024-03-19 21:08:12][W]
This operation will delete the secret(s) "demosecret" from the platform
Are you sure? [y/N] y
[kelvin.sdk][2024-03-19 21:08:17][R] Secret "demosecret" successfully deleted from the platform
List all Secrets
In this example we will list all the secret names available that have the string demo in their name.
You will not see any secret values with this command, only the names.
curl -X 'GET' \
'https://<url.kelvin.ai>/api/v4/secrets/list?search=demo' \
-H 'Authorization: Bearer <Your Current Token>' \
-H 'accept: application/json'
The response will look like this;
{
"data": [
{
"name": "demosecret"
}
],
"pagination": {
"next_page": null,
"previous_page": null,
"page_size": 20
}
}
from kelvin.api.client import Client
# Login
client = Client(config={"url": "https://<url.kelvin.ai>", "username": "<your_username>"})
client.login(password="<your_password>")
# List Secrets with Filter
response = client.secret.list_secrets(search="demo")
print(response)
You will see the output like this;
[Secret(name='demosecret')]
kelvin secret list --filter demo
You will need to confirm the delete process and if everything went well you will get the confirmation response like this;
[kelvin.sdk][2024-03-19 21:20:52][I] Retrieving platform secrets..
[kelvin.sdk][2024-03-19 21:20:54][I] *************************** Secrets ***************************
+---------------+
| Secret name |
|---------------|
| demosecret |
+---------------+
Use Secrets in Apps
To use secrets in your program, you link the secret value on the Kelvin Platform to an Environment variable in the app.yaml file. Then you can access it like any normal Environment variable in any language.
system:
environment_vars:
- name: demosecret
value: <% secrets.demosecret %> # notice the secrets prefix
privileged: false
import os
demosecret = os.environ.get("demosecret", "error!")
print(f'Your secret is {demosecret}')
const demosecret = process.env.demosecret || "error!";
console.log(`Your secret is ${demosecret}`);
public class Main {
public static void main(String[] args) {
String demosecret = System.getenv("demosecret");
if (demosecret == null) {
demosecret = "error!";
}
System.out.println("Your secret is " + demosecret);
}
}
using System;
class Program
{
static void Main()
{
string demosecret = Environment.GetEnvironmentVariable("demosecret") ?? "error!";
Console.WriteLine($"Your secret is {demosecret}");
}
}
demosecret = ENV["demosecret"] || "error!"
puts "Your secret is #{demosecret}"
<?php
$demosecret = getenv("demosecret") ?: "error!";
echo "Your secret is {$demosecret}";
?>