Manage secrets

Kalix provides secret management for each project. Secrets are for passwords, login credentials, keys, etc. You can provide secrets to your services through environment variables. When you display the service information, the content of the secrets will not be displayed.

Manage secrets in a project

Adding secrets

To add secrets to your Kalix project, you can use the Kalix CLI.

To mark your project as the target of subsequent commands, use the following command:

kalix config set project sample-project

When you create a secret, it contains:

  • secret name

  • contents (as key/value pairs)

CLI

Use the kalix secret create command.

kalix secret create generic db-secret \ (1)
  --literal username=admin \
  --literal pwd=my_passwd (2)
1 Secret name
2 Contents (as key/value pairs)

You can also set a secret from a file, using the --from-file argument. Unlike --literal, this keeps the secret value off the command line and out of your shell history:

kalix secret create generic some-key \
  --from-file key=path/to/my-key-file

Updating secrets

CLI

Secrets can be updated using the kalix secret update command, in the same way as the kalix secret create command:

kalix secret update generic db-secret \
  --literal username=new-username \
  --literal pwd=new-password

Listing secrets

To list the secrets in your Kalix project, you can use the Kalix CLI or the Kalix Console. For security purposes, they only show content keys. Neither the CLI nor the Console will show content values of a secret.

CLI

Use the kalix secret list command:

kalix secret list

The results should look something like:

NAME         TYPE      KEYS
db-secret    generic   username,pwd

Console

  1. Sign in to your Kalix account at: https://console.kalix.io/

  2. Click the project for which you want to see the secrets.

  3. Using the left pane or top navigation bar, click Secrets to open the Secrets page which lists the secrets.

Display secret contents

To display secret contents for your Kalix project, you can use the Kalix CLI or the Kalix Console. For security purposes, they only show content keys. Neither the CLI nor the Console will show content values of a secret.

CLI

Use the kalix secret get command:

kalix secret get <secret-name>

The results should look something like:

NAME: db-secret
KEYS:
   username
   pwd

Console

  1. Sign in to your Kalix account at: https://console.kalix.io/

  2. Click the project for which you want to see the secrets.

  3. Using the left pane or top navigation bar, click Secrets to open the Secrets page which lists the secrets.

  4. Click the secret you wish to review.

Removing secrets

To remove the secret for your Kalix project, you can use the Kalix CLI.

CLI

Use the kalix secret delete command:

kalix secret delete <secret-name>

Set secrets as environment variables for a service

To set secrets as environment variables for a service, you can use the Kalix CLI.

CLI

Use the kalix service deploy command with the --secret-env parameter:

kalix service deploy <service-name> <container-image>  \
    --secret-env MY_VAR1=db-secret/username,MY_VAR2=db-secret/pwd  (1)
1 The value for an environment variable that refers to a secret is of the form <secret-name>/<secret-key>
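
A pre-deploy check for the --secret-env mapping described above, as an added example that is not part of the Kalix documentation or CLI: it confirms that every <secret-name>/<secret-key> reference exists in the kalix secret list output, so a typo does not leave a service without its credentials. The function names and the sample listing are constructed here, and the listing is assumed to keep the three-column NAME/TYPE/KEYS layout shown earlier.

```shell
#!/bin/sh
# Constructed sample, in the layout `kalix secret list` prints on this page.
SAMPLE_LIST='NAME         TYPE      KEYS
db-secret    generic   username,pwd'

# secret_has_key LISTING SECRET KEY
# Succeeds only if SECRET is listed and KEY is among its comma-separated keys.
secret_has_key() {
  printf '%s\n' "$1" | awk -v s="$2" -v k="$3" '
    NR > 1 && $1 == s {
      n = split($3, keys, ",")
      for (i = 1; i <= n; i++) if (keys[i] == k) found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# check_secret_env LISTING MAPPING   (hypothetical helper, not a kalix command)
# MAPPING is the --secret-env value: VAR=<secret-name>/<secret-key>[,...]
# Prints one line per bad entry and returns 1 if any entry is bad.
check_secret_env() {
  listing=$1 rc=0
  old_ifs=$IFS; IFS=,; set -f
  set -- $2                      # split on commas, globbing disabled
  IFS=$old_ifs; set +f
  for entry in "$@"; do
    case $entry in
      ?*=?*/?*) ;;               # VAR, secret name and key all non-empty
      *) echo "malformed entry: $entry"; rc=1; continue ;;
    esac
    var=${entry%%=*}; ref=${entry#*=}
    name=${ref%%/*}; key=${ref#*/}
    secret_has_key "$listing" "$name" "$key" ||
      { echo "unknown secret or key: $var -> $name/$key"; rc=1; }
  done
  return "$rc"
}

# Against a real project, pass "$(kalix secret list)" instead of SAMPLE_LIST.
MAPPING='MY_VAR1=db-secret/username,MY_VAR2=db-secret/pwd'
if check_secret_env "$SAMPLE_LIST" "$MAPPING"; then
  echo "secret-env mapping ok"
fi
```

Because the listing only ever contains key names, the check never needs access to secret values.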

Display secrets as environment variables for a service

To display the secrets set as environment variables for a service, you can use the Kalix CLI or the Kalix Console.

CLI

Use the kalix service get command:

kalix service get <service-name>

The results should look something like:

Service: 	<service-name>
Created: 	24s
Description:
Status: 	Running
Image: 		<container-image-path>
Env variables:
		MY_VAR1=db-secret/username
		MY_VAR2=db-secret/pwd

Generation: 	1
Store: 		<store-name>

Console

  1. Sign in to your Kalix account at: https://console.kalix.io/

  2. Click the project to which your service belongs.

  3. Click the service.

  4. In the Properties: <service-name> panel, you should see the environment variables.