}}

Secrets

Enterprise DC/OS Updated: March 21, 2017

Use the Enterprise DC/OS Secret Store to secure sensitive information like database passwords, API tokens, and private keys. Storing secrets in secret paths allows you to restrict which services can retrieve the value.

Authorized Marathon services can retrieve the secrets at deployment and store their values under environment variables.

In addition, the Secrets API allows you to seal/unseal and reinitialize the Secret Store.

You can also find information about secrets in the Overview and Permissions sections.

Creating secrets

Creating secrets About creating secrets The permissions needed to create a secret vary by interface. To create a secret using the web interface, the dcos:superuser permission is re...

Configuring services to use secrets

About configuring services to use secrets To deploy an application that uses a secret, a user needs the permission to access Marathon and the permission to deploy services from wit...

Sealing the Secret Store

You may want to manually seal the Secret Store to protect its contents from an intruder. Sealed Secret Stores cannot be accessed from the web interface. Secret values cannot be ret...

Unsealing the Secret Store

About unsealing the Secret Store The Secret Store can become sealed under the following circumstances. After being manually sealed. After a power outage. A sealed Secret Store cann...

Secrets API

About the Secrets API The Secrets API allows you to manage secrets and perform some backend functions such as sealing and unsealing the Secret Store. It offers more functionality t...