This guide will explain how to add & use secrets in services. Secrets are sensitive key value pairs that you add at run time to use in your services. You can use secrets to pass credentials to access your database, s3 bucket, OpenAI API, environment name, JWT auth keys, cookie secrets and other environment specific information.

Encryption & storage

Value of each secret is encrypted and stored in your cloud account’s secret manager. For example, in AWS, all the secrets are encrypted/stored in Parameter Store.

Usage & environment vars

LocalOps securely passes each key value pair as environment variable to your service. So you can read them and use in code as you would do for any other environment variable.

How to add/update secrets

During service creation

In New Service form, you can see a section called “Secrets”. You can add your key value pairs in that section and create the service. If you don’t have all secrets handy when you are creating the service, you can add them after service created. We don’t deploy a service until you trigger them from UI or via git push.

After service creation

Navigate to Environment > Services > Service section to find “Secrets” tab. In there, you can add/update your secrets anytime.

Deploy changes

To propagate any change in secrets, you will have to trigger a new deployment in your service. So that your containers can restart with new and updated env vars. Click on “Deploy” on top right corner of the service section, to do a manual deployment from the latest commit of the configured branch. Or push a new commit to the configured branch and git repo.