¶ Secrets manager
The Secrets Manager is a tool that securely manages keys and passwords on a per-department and per-user basis, ensuring that only authorized users have access to these sensitive credentials.
It can be accessed from the main menu of the application, within the "Tools" submenu, as shown in the image.
When you enter the Secret Manager, a table is displayed with a list of all the secrets that the user can access. To create a new secret, click on the "Create Secret" button.
This opens the secret creation page, which presents a form with the following fields:
- Secret Key: The identifier key for the secret. The secret’s value will be retrieved using this key.
- Secret Value: The actual value of the secret.
- Department: Select one or more departments within the company that should have access to the key. Alternatively, you can set the key to be visible to all departments by selecting the 'All' option.
- User: Choose whether the secret should be accessible to all users in the company (provided they meet the department criteria) by selecting 'All', or restrict access to only the user creating the secret. In the latter case, only the creator will have access to the key, regardless of the department settings.
Note: Only users who meet the specified Department and/or User criteria will be able to access the secret value. This ensures that sensitive information is securely restricted to authorized users within Pyplan.
When creating secrets, it's important to note that the same secret key can be used with different department or user configurations.
For example, if you create a key called 'KEY 1' for all users in the Default department, but then need to assign a different value to 'KEY 1' specifically for your user within the Default department, there will be no compatibility issues. The system will correctly retrieve the value associated with your user within the department when the key is used.
The key values will not be displayed in the table. To view the value of the key within the list of keys, click on the icon shown in the image.
This will display the text of the selected row's value. To hide it again, click the icon again.
¶ How to retrieve a secret in Pyplan
To retrieve these secrets within the application, use the 'pp' function called get_secret, which accepts the following parameters:
- secret_key: A string representing the key of the secret.
- department_code: An optional string parameter that allows you to force the retrieval of the secret key associated with a specific department.
The get_secret function returns the secret as a string if a match is found, or None if no matching key is found.
¶ Example usage
After creatingthe DB_PASSWORD secret:
You can access this key in Pyplan by running result = pp.get_secret('DB_PASSWORD')inside a node:
If another user from a different department (other than 'Default,' which was the department we set) opens the same app, the function will return None:
You can also link a secret to a form database password by editing the settings of the form:
This ensures that only authorized users have permission to read or write to the form.