
Secrets Directory

Use the ‘directories.secrets’ variable inside scs-configuration.yaml to set the location of this directory.

This directory works just like the ‘common’ directory. By defining secrets in a separate directory, you can completely separate your secrets from the configuration files themselves, meaning you can safely store the rest of the configuration (everything except the Secrets Directory and, optionally, the User Definitions) in a git repository.

In secrets files, you can additionally use the !scs-gen-secret YAML tag to let SCS auto-generate a secret using the secrets.token_urlsafe function, with a random number of bytes between 32 and 64 characters. The first time a file with this tag is read, the token will be generated, and saved back to the YAML file.

Files with the !scs-gen-secret YAML tag are parsed and re-saved. Any comments or additional whitespace will be lost.
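
The generate-once behaviour and the comment loss described above, shown as an added illustration with PyYAML. This is not SCS's own code: `GenLoader`, `load_secrets`, `demo` and the sample file contents are assumptions made for the example.

```python
import secrets
import tempfile
from pathlib import Path

import yaml  # PyYAML, assumed to be installed

TAG = "!scs-gen-secret"


class GenLoader(yaml.SafeLoader):
    """SafeLoader subclass that records whether a secret was generated."""
    generated = False


def _gen_secret(loader, node):
    # Byte count drawn from the CSPRNG in the range [32, 64].
    loader.generated = True
    return secrets.token_urlsafe(32 + secrets.randbelow(33))


# Registered on the subclass only, so yaml.SafeLoader itself is unchanged.
GenLoader.add_constructor(TAG, _gen_secret)


def load_secrets(path):
    """Load a secrets file and persist any freshly generated tokens."""
    path = Path(path)
    loader = GenLoader(path.read_text())
    try:
        data = loader.get_single_data()
    finally:
        loader.dispose()
    if loader.generated:
        # Re-serialising replaces the tag with the token and drops
        # comments and extra whitespace from the original file.
        path.write_text(yaml.safe_dump(data))
    return data


def demo():
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / "db.yaml"  # constructed sample secrets file
        f.write_text("# rotate yearly\nuser: app\npassword: !scs-gen-secret\n")
        first = load_secrets(f)   # generates the token and rewrites the file
        second = load_secrets(f)  # tag is gone, the same token is read back
        return first, second, f.read_text()
```

Because the file is rewritten on first read, keep explanatory notes for generated secrets outside the secrets file itself.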

Every time a user requests an endpoint that exposes 1 or more secrets, the user and the requested secrets are logged in the audit log.

Use the !scs-secret YAML tag to reference secrets files and variables in the secrets directory.