Application secrets
Application secrets are stored as environment variables in your application space. To protect your private secrets, environment variables can be encrypted and then dynamically added to your application serverless runtime.
A Secret is typically an encrypted environment variable that contains a small amount of sensitive data such as a password, a token, or a key.
Adding secret environment variables
The following Codehooks CLI command will create an encrypted enviroment variable that you can use in your code as process.env.MY_SECRET_VARIABLE:
coho set-env MY_SECRET_VARIABLE 'some secret content here' --encrypted
Adding regular non-secret environment variables
Running the set-env command without the --encrypted parameter will create a plain text variable, which you can use in your code as process.env.MY_VARIABLE.
The follwing Codehooks CLI command will create an encrypted environment variable that you can use in your code as process.env.VARIABLENAME:
coho set-env MY_VARIABLE 'some regular content here'
Inspecting secrets and environment variables
You can use the coho info CLI command to inspect your system variables. You will not be able to inspect the actual content of encrypted variables. Example output of the info command is shown below:
coho info
...
Spaces:
┌──────────────┬─────────┬───────────────┬──────┬───────────────────────────────────────┐
│ Name │ Tokens │ Allowed Hosts │ Jwks │ Env │
├──────────────┼─────────┼───────────────┼──────┼───────────────────────────────────────┤
│ dev (active) │ │ │ │ MY_SECRET_VARIABLE=(encrypted) │
│ │ │ │ │ MY_VARIABLE=some regular content here │
└──────────────┴─────────┴───────────────┴──────┴───────────────────────────────────────┘
...
Removing environment variables
The follwing Codehooks CLI command will remove any enviroment variable:
coho remove-env MY_VARIABLE
You can also set these environment variables using the account UI.