Use the DC/OS Enterprise Secret Store to secure sensitive information like database passwords, API tokens, and private keys. Storing secrets in secret paths allows you to restrict which services can retrieve the value.
Authorized Marathon services can retrieve the secrets at deployment and store their values under environment variables.
You can also find information about secrets in the Permissions Reference section.
You can create secrets in DC/OS by using a key-value pair or as a file. Both methods add a name and secret value to the secret store. You may find it convenient to add a secret as a file if you already have a secret value stored in a file locally and want to avoid cutting-and-pasting.…Read More
Configuring services and pods to use secrets
Your service definition can reference secrets as environment variables or as a file.…Read More
Sealing the Secret Store
You may want to manually seal the Secret Store to protect its contents from an intruder.…Read More
Unsealing the Secret Store
The Secret Store can become sealed under the following circumstances.…Read More
The Secrets API allows you to manage secrets and perform some backend functions such as sealing and unsealing the Secret Store. It offers more functionality than the DC/OS GUI.…Read More