Use the DC/OS Enterprise Secret Store to secure sensitive information like database passwords, API tokens, and private keys. Storing secrets in secret paths allows you to restrict which services can retrieve the value.
Authorized Marathon services can retrieve the secrets at deployment and store their values under environment variables.
You can also find information about secrets in the Permissions sections.
Reinitializing the Secret Store with a custom GPG keypair
The permissions needed to create a secret vary by interface.…Read More
Configuring services and pods to use secrets
The permissions that a user will need to deploy a service or pod that uses a secret vary by security mode.…Read More
Sealing the Secret Store
You may want to manually seal the Secret Store to protect its contents from an intruder.…Read More
Unsealing the Secret Store
The Secret Store can become sealed under the following circumstances.…Read More
The Secrets API allows you to manage secrets and perform some backend functions such as sealing and unsealing the Secret Store. It offers more functionality than the DC/OS GUI.…Read More