Secrets

1. System Context

Developers use Nitric to declare secrets within their application.

  • App code uses the Secrets resource from the Nitric SDK.
  • Developers configure secrets and implement application logic to securely access and manage these secrets.

Operations use default or overridden Terraform modules to provision the necessary resources for their target cloud.

Example AWS Provider
  • AWS Secrets Manager stores and manages secrets.
  • AWS IAM provides roles/policies for secure access to secrets.
Code
Terraform
Create Secret
Access Secret
Provide Access
Developer
Operations
nitric up
AWS Secrets Manager
AWS Lambda Functions
AWS IAM
Example GCP Provider
  • Google Secret Manager stores and manages secrets.
  • Google IAM provides roles/policies for secure access to secrets.
Code
Terraform
Create Secret
Access Secret
Provide Access
Developer
Operations
nitric up
Google Secret Manager
Google Cloud Functions
Google IAM

2. Sequence

ClientNitric SDKNitric RuntimeCloud Secret Manager (e.g., AWS Secrets Manager, GCP Secret Manager)alt[Successful Operation][Failure]Perform secret operation (e.g., get, set, delete)Forward secret API callExecute secret operationReturn result (e.g., secret value, success status)Return resultReturn result to clientReturn errorForward errorReturn error responseClientNitric SDKNitric RuntimeCloud Secret Manager (e.g., AWS Secrets Manager, GCP Secret Manager)

3. Component

Secrets Module

  • Dynamically creates and manages secure storage for sensitive information, ensuring confidentiality and integrity.
  • Configures secrets with appropriate metadata or tags for easy identification, tracking, and management.
  • Enforces access control policies to restrict secret usage to authorized applications or services, following the principle of least privilege.
  • Supports versioning of secrets to facilitate secure updates and rollback capabilities without service disruption.
  • Provides seamless integration with application workflows by enabling dynamic retrieval and management of secrets.
  • Abstracts the complexity of underlying secret management systems, allowing developers and operators to interact with a unified interface regardless of the cloud provider.

4. Code

Developers write application code that imports the 'secret' resource from the SDK, configures the secret, and implements the application logic to access and manage secrets.

SDK Reference by language -

Operations will use or extend the Nitric Terraform reference modules:

Edit this page on GitHub
Last updated on Jan 24, 2025