Secret Management
Secret management is a critical aspect of any application. It is important to store sensitive information such as API keys, passwords, and configs in a secure manner. These secrets should not be committed to the GitOps repository. SkyU provides two options for secret management:
- SkyU Secret Manager: SkyU provides a built-in secret manager that can be used to store secrets for your project. This secret manager is secure and easy to use.
- Dedicated Secret Manager: You can also use a dedicated secret manager like AWS Secrets Manager to store secrets for your project. This option provides more control and flexibility over your secrets.
SkyU Secret Manager
SkyU Secret Manager is a built-in secret manager provided by SkyU. It is secure and easy to use, and you can use it to store secrets for your project. It is automatically enabled for every project in SkyU.
The underlying technology used in SkyU Secret Manager is AWS Secrets Manager, a service that helps you protect access to your applications, services, and IT resources. It enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
This is a multi-tenant secret manager where each project in SkyU gets its own secret store. The secrets are encrypted at rest and in transit. SkyU Secret Manager provides a simple and secure way to store and manage your secrets.
This option is recommended for startups and for testing or demo projects where you need a simple and secure way to store your secrets.
Dedicated Secret Manager
You can also use a dedicated secret manager like AWS Secrets Manager to store secrets for your project. This option provides more control and flexibility over your secrets.
To use a dedicated secret manager, you need to link your AWS account to your project. Once linked, you can use AWS Secrets Manager to store and manage your secrets. This option is recommended for production projects where you need more control and flexibility over your secrets.
You can learn more about how to link your AWS account to your project in the Projects section.
Secret Lifecycle
The following diagram depicts the high-level architecture of the SkyU Secret Manager.
Application Configurations and Integrations are stored in the Secret Manager. Pipeline Secrets are stored directly as GitHub Secrets.