Secrets Overview
| Purpose | The Raven Portal uses Secrets to handle sensitive data and keys, controlling access to crucial information so that users can work more securely. This documentation covers what Secrets are, how to use them, and all the types of Secrets provided by the portal. |
|---|---|
| Last Updated | November 12, 2024 |
What are Secrets
In Raven, secrets are sensitive authentication keys stored securely for use within Bricks. These keys allow controlled access to resources or systems while keeping credential information safe and centrally managed. All secrets are stored within a vault, which ensures secure availability for authorized team members without exposing the credentials themselves.
Here’s an overview of how they function:
- Centralized Use of Secrets: For Secrets to function properly in Bricks, they must be centrally accessible.
- Vault Cluster for Centralization: To maintain security and control, all Secrets are stored in a vault cluster, facilitating centralized management across the platform.
- Scalability in Dynamic Environments: Secrets are designed to scale within a cloud-agnostic, dynamic environment that includes frequently changing machines and network addresses.
- Portal Management without Exposure: While users can manage Secrets within the Raven portal, the contents remain hidden to ensure data confidentiality.
The secrets vault operates as a backend system, meaning users don’t directly interact with it within the Raven portal. Instead, it runs in the background, securely handling and storing all Secrets.
Raven uses HashiCorp Vault as its secure storage solution. More details on HashiCorp Vault can be found here: Learn more about HashiCorp
Secret Manager Overview
Accessing Secrets
The Secrets Manager app can be found in the Engine Module. Here users can find an organized list of all secrets created within their Raven instance. This list includes key details for each secret, such as:
- Creator: Identifies the user who originally created the Secret, offering insight into its source and establishing accountability.
- Type: Specifies the category or classification of the Secret, such as API key, Basic Authentication, Azure, Connecting strings, etc.
- Details: Provides an overview or additional context regarding the Secret.
- Expiration: Indicates the expiration date set for the Secret, which is crucial for enforcing security policies and maintaining regular credential rotation.
- Last Updated: Shows the most recent date when the Secret was modified. This helps in tracking changes and understanding how current the Secret is.
Creating and Editing a Secret
Creating a New Secret
To create a secret, click the New Secret button in the top-right corner of the main interface. A popup will appear, allowing you to configure its settings.
In this popup, you will be able to configure the following fields:
- Name: Assign a clear, descriptive name to the Secret.
- Description: Provide additional context for the Secret’s intended purpose.
- Expiration Date: Set a time limit on the Secret to enhance security.
- Secret Types: Choose the secret type; additional fields may appear depending on the selected type.
When creating a Secret, it’s recommended to use downscoped or permission-specific credentials tailored to the specific task it is intended for.
After filling in the required information, click Create to save the secret.
Note: Some secrets may be limited to specific regions or functions. To prevent confusion, note any such restrictions in the secret's name or description.
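The recommendation above to use downscoped credentials can be checked before a key is ever stored. The following is an added example, not Raven or HashiCorp code: it assumes the credential is an AWS access key for a task that only uploads objects to one S3 bucket, and the function name, bucket name, and sample policies are hypothetical and constructed for illustration.

```python
# Added example (not Raven code): check an AWS IAM policy before the access key
# it belongs to is stored as a Secret. Names below are hypothetical.

def _as_list(value):
    """IAM allows a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def overbroad_statements(policy, task_actions):
    """Return (sid, reason) pairs for Allow statements wider than the task needs."""
    allowed = {a.lower() for a in task_actions}  # IAM action names are case-insensitive
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "NotAction/NotResource grants everything not listed"))
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((sid, f"wildcard action {action}"))
            elif action.lower() not in allowed:
                findings.append((sid, f"action {action} is not needed for this task"))
        for resource in _as_list(stmt.get("Resource", [])):
            # "*" or "arn:aws:s3:::*" matches every bucket in the account
            if resource.split(":", 5)[-1].startswith("*"):
                findings.append((sid, f"resource {resource} is not limited to one bucket"))
    return findings

# Constructed sample: what an upload-only task actually needs.
TASK_ACTIONS = ["s3:PutObject"]

# Constructed sample: credential with full S3 access (avoid storing this).
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Everything", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

# Constructed sample: downscoped to uploads under one prefix of one bucket.
DOWNSCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "UploadOnly", "Effect": "Allow", "Action": ["s3:PutObject"],
     "Resource": "arn:aws:s3:::example-raven-export/flows/*"}]}

if __name__ == "__main__":
    for name, policy in (("BROAD", BROAD), ("DOWNSCOPED", DOWNSCOPED)):
        print(name, overbroad_statements(policy, TASK_ACTIONS) or "ok")
```

An empty result means every Allow statement stays within the listed task actions and names a specific bucket; any finding is a reason to narrow the policy before creating the Secret.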
Editing a Secret
Users can only edit or delete secrets they have created. This functionality is available through the three-dot menu button next to each user-created secret in the list. This setup ensures that only the original creator has control over modifications or deletions, maintaining security and preventing unauthorised changes to sensitive information.
Using a Secret
In the Raven Portal, secrets are used throughout the system to securely manage sensitive information. They can be incorporated into a brick's configuration, and when a secret is required, a parameter with a dropdown menu will appear, allowing users to select from available secrets.
Secrets are incorporated into the following areas within the portal:
- Bricks: Fundamental building blocks that perform specific tasks in event processing. They can be configured with secrets (like API keys or tokens) as parameters in Bricks Management, enabling secure access to external resources.
- Apps:
  - Raven Flows: Allows users to chain multiple Bricks to create custom, multi-step processes. Secrets in Flows can be used to configure Bricks securely, such as enabling an S3 Action Brick to send data to an Amazon Web Services account.
  - Raven Playbooks: Lets users visually build complex workflows by connecting Bricks. Secrets in Playbooks can manage authentication, such as providing credentials for a Query SQL Brick to access databases securely.
  - Raven Tables: Organizes data into rows and columns for structured storage and retrieval. Secrets in Tables can be used to secure sensitive data entries or configure access permissions, ensuring secure data handling in workflows.