Custom Secrets

Cosmocloud lets you make custom secrets for any and every use case you might have wherein you want to store sensitive information, anything confidential in terms of key-value pairs.

The process to make a custom secret is pretty simple – Refer to the screenshots below. You can then call your secret using the Secret Name ;)

Select the Type of Secret as Custom

Some common use cases for custom secrets include -

  • Base URL to External Services : This refers to the base URL used by an application to interact with external APIs. Even though a base URL might not be sensitive, but when combined with specific paths or parameters, it can become critical. Keeping this a secret can help prevent misuse or unauthorized access, especially when the base URL is part of a restricted or internal service that should not be widely known.

  • Values in .env Files : Environment variables stored in .env files often include sensitive information such as API keys, configuration settings, and other secrets. These files are crucial for configuring an application’s environment without hard-coding sensitive information into the source code. Values in .env files can control anything from turning on debug modes to API endpoints and should be protected to ensure they are not exposed in source code repositories or through application leaks.

  • SSL/TLS Certificates : Private keys for SSL/TLS certificates ensure secure, encrypted communications over the internet.

  • OAuth Tokens : Used to access resources from third-party services, allowing applications to authenticate and authorize without exposing user passwords.

  • Cloud Provider Credentials : Keys that enable programmatic management of cloud resources, essential for automating operations in cloud environments.

  • Encryption Keys : Employed to encrypt and decrypt data, ensuring that sensitive information is accessible only to authorized parties.

  • Configuration Secrets : Include API endpoints or feature flags that are sensitive; and used to tailor and control application behavior dynamically.

  • Service Account Credentials : Credentials for automated processes that require specific permissions, often with more limited access than user accounts.

  • Payment Gateway API Keys : Enable secure interactions with payment systems to process transactions without exposing sensitive financial details.

  • SSH Keys : Used for secure shell access to servers, crucial for maintaining secure and controlled access to server resources.

  • API Rate Limit Keys : Secrets that manage the rate at which applications can make requests to external APIs to comply with usage policies.

  • Third-Party App Integrations : Tokens or keys that authenticate external applications or services to integrate with primary systems securely.

Last updated