Secret Management

In Instill VDP, certain components require the configuration of credential data, such as passwords, API keys, and tokens. The protection and privacy of these credentials are paramount. To prevent potential exposure of sensitive data, VDP not only prohibits users from setting credential data as plaintext within the recipe but also stores all credential data in a specified secret space. This approach ensures that sensitive data is kept secure and inaccessible to unauthorized individuals. Users can manage their secrets by navigating to Console > Settings > Secrets.

#Secret Object

Across all Manage Secrets APIs, the endpoints follow a consistent structure for request and response bodies. Below are the key fields:

  • id: The version of this release.
  • uid: The immutable UID of the release.
  • name: The full resource name of the release.
  • description: A brief description of the release.
  • value: This is the secret value. Note that it is a request-only field and will not be included in the response.

For additional details, please refer to the API reference.

Example Secret Object:


{
  "name": "users/test/secrets/my-secret-1",
  "uid": "89fccd1b-eba6-4597-9462-ad0ddd18902b",
  "id": "my-secret-1",
  "value": "the-secret-value",
  "createTime": "2024-10-01T07:34:36.956689Z",
  "updateTime": "2024-10-01T07:34:36.956689Z",
  "description": "A secret"
}

#Manage Secrets via API

#List Secrets

This endpoint returns a paginated list of secrets associated with a specific namespace.

cURL

export INSTILL_API_TOKEN=********
curl -X GET 'https://api.instill.tech/v1beta/namespaces/NAMESPACE_ID/secrets' \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $INSTILL_API_TOKEN"

#Create Secret

cURL

export INSTILL_API_TOKEN=********
curl -X POST 'https://api.instill.tech/v1beta/namespaces/NAMESPACE_ID/secrets' \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $INSTILL_API_TOKEN" \
--data '{
"id": "Your secret ID",
"description": "A brief description of your secret",
"value": "The secret value"
}'

#Get Secret

This endpoint retrieves a single secret.

cURL

export INSTILL_API_TOKEN=********
curl -X GET 'https://api.instill.tech/v1beta/namespaces/NAMESPACE_ID/secrets/SECRET_ID' \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $INSTILL_API_TOKEN"

#Update Secret

This endpoint allows for updating a secret with a new value.

cURL

export INSTILL_API_TOKEN=********
curl -X PATCH 'https://api.instill.tech/v1beta/namespaces/NAMESPACE_ID/secrets/SECRET_ID' \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $INSTILL_API_TOKEN" \
--data '{
"description": "A brief description of your secret",
"value": "The secret value"
}'

#Delete Secret

This endpoint enables the deletion of a specified secret.

cURL

export INSTILL_API_TOKEN=********
curl -X DELETE 'https://api.instill.tech/v1beta/namespaces/NAMESPACE_ID/secrets/SECRET_ID' \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $INSTILL_API_TOKEN"

The NAMESPACE_ID and SECRET_ID path parameters must be replaced by the secret owner's ID (namespace) and the secret ID, respectively.

For more details, please refer to the API Reference.

#Manage Secrets via Console

  1. Access the Secrets page:

    • Proceed to Console > Settings > Secrets.
    • This section provides a user-friendly interface for managing all your credential data.
  2. Create a new secret:

    • Press the Create Secret button.
    • Input a unique key and the corresponding credential data.
    • Press the Create Secret button to save the secret and make it available for pipeline configurations.
  3. Delete a secret:

    • Locate the secret you want to delete.
    • Press the Delete button to delete the secret.

By complying with these practices, Instill VDP ensures that all credential data is managed securely, minimizing the risk of unauthorized access and potential breaches. This method allows users to concentrate on constructing and deploying robust data processing pipelines without jeopardizing security.

#Reference Secret in Recipe

When setting up a pipeline, users can refer to stored secrets within component configurations using a specific syntax. Rather than incorporating plaintext credentials, users can securely load secret data by employing the following syntax:


${secret.my-secret-key}

This method ensures that the actual credential data is never exposed in the pipeline configuration, maintaining the integrity and security of the system.
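A pre-deployment check for the rule above, as an added example that is not part of the original page or of Instill's code: it walks a parsed recipe, flags credential-like fields holding plaintext instead of a `${secret.<id>}` reference, and reports referenced secret IDs missing from the namespace. The recipe layout, the credential key names, the secret ID character set and the sample values are assumptions constructed for illustration.

```python
import re

# Reference syntax shown on this page: ${secret.<secret-id>}
# Assumption: secret IDs use letters, digits, '-' and '_'.
SECRET_REF = re.compile(r"\$\{secret\.([A-Za-z0-9_-]+)\}")
# Assumption: field names that carry credential data (passwords, API keys, tokens).
CREDENTIAL_KEY = re.compile(r"(password|passwd|api[-_]?key|token|secret)", re.I)

def audit_recipe(node, path="", key=""):
    """Return (paths of plaintext credential fields, set of referenced secret IDs)."""
    findings, refs = [], set()
    if isinstance(node, dict):
        children = [(f"{path}.{k}" if path else str(k), str(k), v) for k, v in node.items()]
    elif isinstance(node, list):
        # List items inherit the parent key so credential lists are still checked.
        children = [(f"{path}[{i}]", key, v) for i, v in enumerate(node)]
    else:
        if isinstance(node, str):
            refs.update(SECRET_REF.findall(node))
            is_reference = SECRET_REF.fullmatch(node.strip()) is not None
            if CREDENTIAL_KEY.search(key) and node.strip() and not is_reference:
                findings.append(path)
        return findings, refs
    for child_path, child_key, value in children:
        child_findings, child_refs = audit_recipe(value, child_path, child_key)
        findings += child_findings
        refs |= child_refs
    return findings, refs

def check_recipe(recipe, stored_secret_ids):
    """Combine the plaintext audit with a check against the IDs stored in the namespace."""
    plaintext, refs = audit_recipe(recipe)
    return {"plaintext": plaintext, "unresolved": sorted(refs - set(stored_secret_ids))}

# Constructed sample recipe (hypothetical structure and values).
SAMPLE_RECIPE = {
    "component": {
        "llm": {"type": "llm", "setup": {"api-key": "${secret.my-secret-key}"}},
        "db": {"type": "sql", "setup": {"user": "etl", "password": "hunter2"}},
        "notify": {"type": "http", "setup": {"headers": [{"token": "${secret.webhook-token}"}]}},
    }
}

if __name__ == "__main__":
    # IDs as they would be collected from the List Secrets endpoint (constructed here).
    print(check_recipe(SAMPLE_RECIPE, {"my-secret-key"}))
```

Run it in CI or a pre-commit hook against the parsed recipe, failing the build when either list is non-empty.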