====== Secret Value ======



===== About =====

''Secret'' are a piece of information that you don't want to be visible in clear in your code or to leak in any way (log, console, ...)

The most known secret are tokens that represents a credential in order to log in to a [[docs:system:system|system]]:
  * [[docs:connection:password|password]]
  * api key
  * ...
To enhance secrecy you may also want to cache other information such as the location of you system (host, port,...)

===== Ciphered Secret Format =====

We support the following ciphered secret values: 

  * Os env variable: in the [[docs:conf:vault|conf file]]. ie 
    * `${MY_SECRET}` or `$SECRET`
    * or a template string `foo${MY_SECRET}bar`
  * Tabli Vault: [[:docs:tabli:vault:encrypt|Tabli encrypted value]]
  * HashiCorp Vault: `vault:/path/to/secret/fieldName` (Enterprise option)
  * For any other external vault, [[:contact|contact us]]



===== FAQ ===== 
==== Are Environment variables considered secret ====

[[docs:conf:os|Environment variables]] are not considered secret by default unless:

  * they have a [[:docs:tabli:vault:encrypt|encrypted value]]
  * they have in their name `secret`, `key`, `password`, `pwd` or `passphrase`
  * they are defined in the [[docs:conf:vault|conf file]] as value. Example:

<code yaml>
attribute: ${MY_SECRET}
</code>