secret

Description

Venue    Equivalent Concept(s)

A secret to store inside the venue for additional automation. If the name property is not provided, the blueprint object name is used.

Venue-Specific Behavior

AWS

Secrets are stored as SecureString type parameters in SSM.

If you specify the name property and it is different from the blueprint object name, the SSM parameter that is added uses that name exactly. Otherwise, the parameter name follows the pattern /tuono/<folder-name>/<secret-name>. Keep in mind that SSM parameter names must be unique within a region, per account.

Azure

Without any additional options, Tuono chooses a reliable Key Vault name for you based on your subscription and folder name. You may provide your own Key Vault name instead, but note that Key Vault names are globally unique: if someone else is already using that name, your blueprint will not deploy. The Key Vault is created in the secret's folder.

venue:
  azure:
    key_vault_name: MyKeyVault

The Key Vault can subsequently be accessed by a Virtual Machine if properly configured. This allows you to use secrets in your VM bootstrapping automation. See compute.vm for more details.

Features

Secrets Management

Feature    AWS    Azure
Add        ✔️
Import
Remove     ✔️

Required Properties

This object has no required properties, but it likely requires a combination of optional properties to be useful.

Optional Properties

value (string)

The secret value to store.

Common Properties

count (integer)

Indicates how many of this secret should exist. When count is specified, the name of each resource automatically gets a hyphen and a numeric suffix, unless the count variable is referenced in the blueprint object name.

depends_on (any)

This property can be used to declare a dependency from this secret to any other object in the blueprint. This is not necessary for dependencies generated normally by the schema.

folder

The folder containing this secret. If this is not specified and there is only one folder defined, that folder is used automatically.

name (string)

The name of this secret. The name can be different from the blueprint object name. When the name property is not present, we apply automatic naming strategies to make resources easier to identify in each venue's management console. When the name property is specified, we use it exactly as given.

readonly (boolean)

Indicates whether or not this secret is read-only. If so, we only verify that this secret exists and matches its specification, rather than creating or modifying it.

The default value if not specified is false.

tags (dict)

The tags to place on this secret. Tags are metadata stored in (key = value, ...) form. Consumers are not allowed to use tags that begin with _tuono as those are reserved.
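The naming and tag rules above (explicit name used verbatim, the /tuono/<folder-name>/<secret-name> pattern, the count suffix, and the reserved _tuono tag prefix) are worth checking before an apply, because SSM parameter names must be unique per account and region. The following is an added example, not Tuono's own code; it assumes a count reference in a name is written like a variable, (( count )), and that count suffixes are zero-based.

```python
# Added example (not Tuono's own code): models the naming and tag rules this
# page documents so you can predict which SSM parameter names a blueprint will
# create and catch reserved tags before apply. Assumptions are marked below.
import re

RESERVED_TAG_PREFIX = "_tuono"  # reserved prefix named on this page

# Assumption: a count reference inside a name uses the variable syntax seen in
# the blueprint example, e.g. "db-(( count ))"; the real token may differ.
COUNT_REF = re.compile(r"\(\(\s*count\s*\)\)")


def resolve_secret_names(obj_name, folder, name=None, count=None):
    """Return the SSM parameter names Tuono would create for one secret object.

    - a name that differs from the object name is used exactly as given
    - otherwise the documented pattern /tuono/<folder-name>/<secret-name>
    - count adds "-<n>" unless the name references the count variable
    Assumption: numeric suffixes are zero-based ("-0", "-1", ...).
    """
    if name is not None and name != obj_name:
        base = name
    else:
        base = f"/tuono/{folder}/{obj_name}"
    if count is None:
        return [base]
    if COUNT_REF.search(base):
        return [COUNT_REF.sub(str(i), base) for i in range(count)]
    return [f"{base}-{i}" for i in range(count)]


def reserved_tags(tags):
    """Return the tag keys that consumers are not allowed to set."""
    return sorted(k for k in tags if k.startswith(RESERVED_TAG_PREFIX))


def find_collisions(secrets, default_folder):
    """Report SSM names that two secret objects would both claim.

    secrets maps blueprint object name -> dict of its optional properties.
    Returns (ssm_name, first_object, second_object) tuples.
    """
    seen, collisions = {}, []
    for obj_name, props in secrets.items():
        folder = props.get("folder", default_folder)
        for ssm in resolve_secret_names(obj_name, folder,
                                        props.get("name"), props.get("count")):
            if ssm in seen:
                collisions.append((ssm, seen[ssm], obj_name))
            seen.setdefault(ssm, obj_name)
    return collisions
```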

Discovered Properties

These properties are populated and available in the inventory following a successful apply.

id (string)

The venue-specific identifier of this secret.

Examples

Store a secret:

location:
  folder:
    example-folder:
      region: example-region
  region:
    example-region:
      area: west
      country: USA
security:
  secret:
    admin_password:
      value: (( admin_password ))
variables:
  admin_password:
    description: The administrative password to use.
    type: secret
