Synpse
🤖 Devices⚡ ApplicationsTry Synpse!
  • Intro to Synpse
  • Start here
    • Quick Start (web user)
    • Quick Start (CLI)
  • Agent
    • Install
      • Raspberry Pi
      • Linux (Docker)
      • MacOS
      • NVIDIA Jetson
      • Headless (Ubuntu)
      • BeagleBoard AI
      • Bulk Provisioning
      • 🪄Beta - Universal Synpse image
      • Containerized agent
      • Configuration
    • Uninstall
  • CLI
    • Install & Usage
  • synpse core
    • Devices
      • Device Provisioning
      • HTTPS Tunnel Access
      • SSH Access
      • Device Labels
      • Environment Variables
      • Proxy Application Ports
      • OS & Architectures
      • Operations
      • Device API
    • Applications
      • Deploy
      • Secrets
      • Environment variables
      • Substitution (dynamic templates)
      • Volumes
      • Networking
      • Scheduling
      • Registry authentication
      • Using GPUs
      • Tips & Tricks
      • Logs and status
      • Application specification (API reference)
    • Account
      • Personal Access Tokens
      • Service (Robot) Accounts
      • Teams (Share Devices)
    • Monitoring (beta)
      • Device Monitoring
      • Application Monitoring
  • Manage
    • Projects
    • Namespaces
    • Quotas
  • Examples
    • 🏠Home Automation
      • Gladys Assistant
      • Home Assistant
    • 🛠️Preparing OS Images
      • Synpse CLI Builder
      • Build a custom Raspberry Pi image
      • Cloud-init (advanced)
    • 💡Dynamic Templates
    • ☁️Public Cloud IoT
      • AWS IoT Core
      • Azure IoT Hub
      • GCP IoT Core
    • 🚀Device management
      • VNC to remove devices
      • Ansible
  • On-prem Deployment
    • 🐳Docker Compose
    • 🌤️kubernetes
  • Resources
    • API Documentation
    • Deployment patterns
    • Security & Tech
Powered by GitBook
On this page
  • Overview
  • Using secrets
  • Creating a secret
  • Reference a secret from application spec
  • Secret files

Was this helpful?

  1. synpse core
  2. Applications

Secrets

Use secrets to conceal sensitive configuration from the deployment manifests.

PreviousDeployNextEnvironment variables

Last updated 3 years ago

Was this helpful?

Overview

When deploying applications you often end up specifying sensitive information in your deployment to enable secure database connections, providing API keys and other parameters that you normally wouldn't commit to the codebase. Synpse secrets decouples this configuration from your regular deployment files. Application spec can reference to secrets that were created in the same namespace.

Note: if you update secrets you will need to restart your applications for them to get the updated values.

Using secrets

You can view your existing secrets by selecting the namespace applications and then going to the secrets tab via the top toolbar:

Secrets tab will let you view, created, edit and delete existing secrets:

Creating a secret

Click on the "Create Secret" button if you want to add a new secret:

You can also use CLI to create a secret:

synpse secret create database-password --secret-value very-secret

Reference a secret from application spec

Secrets can be referenced as an environment variables in the application spec:

name: my-app
scheduling:
  type: AllDevices
  selectors: {}
spec:
  containers:
    - name: my-app
      image: my-organization/app:1.0.1
      env:
        - name: DATABASE_PASSWORD
          fromSecret: database-password

Never commit your secrets to git or GitHub, always reference them from the application spec to improve security.

Secret files

Secret maximum size is 100Kb

$ synpse secret create redis-config -f redis.conf

Secret can be used in application deployment by referring it in the spec

name: my-app
scheduling:
  type: AllDevices
  selectors: {}
spec:
  containers:
    - name: my-app
      image: my-organization/app:1.0.1
      secrets:
        - name: redis-config
          filepath: /path/to/redis.conf

File will be mounted to the Docker container and your application can read it from the specified file /path/to/redis.conf.