The Secrets Manager is a tool that securely manages keys and passwords on a per-department and per-user basis, ensuring that only authorized users have access to these sensitive credentials.
It can be accessed from the main menu of the application, within the "Tools" submenu, as shown in the image.
When you enter the Secret Manager, a table is displayed with a list of all the secrets that the user can access. To create a new secret, click on the "Create Secret" button.
This opens the secret creation page, which presents a form with the following fields:
Note: Only users who meet the specified Department and/or User criteria will be able to access the secret value. This ensures that sensitive information is securely restricted to authorized users within Pyplan.
When creating secrets, it's important to note that the same secret key can be used with different department or user configurations.
For example, if you create a key called 'KEY 1' for all users in the Default department, but then need to assign a different value to 'KEY 1' specifically for your user within the Default department, there will be no compatibility issues. The system will correctly retrieve the value associated with your user within the department when the key is used.
The key values will not be displayed in the table. To view the value of the key within the list of keys, click on the icon shown in the image.
This will display the text of the selected row's value. To hide it again, click the icon again.
To retrieve these secrets within the application, use the 'pp' function called get_secret
, which accepts the following parameters:
The get_secret
function returns the secret as a string if a match is found, or None
if no matching key is found.
After creatingthe DB_PASSWORD secret:
You can access this key in Pyplan by running result = pp.get_secret('DB_PASSWORD')
inside a node:
If another user from a different department (other than 'Default,' which was the department we set) opens the same app, the function will return None
:
You can also link a secret to a form database password by editing the settings of the form:
This ensures that only authorized users have permission to read or write to the form.