Version 1.0.0
GitHubManaging Secrets Guide
Learn how to securely store and use sensitive information with the Neo Service Layer Secrets service.
Information
This is a basic version of the secrets management guide. It will be expanded with more detailed content in future updates.
What are Secrets?
The Secrets service provides a secure way to store sensitive information like API keys, credentials, and configuration values. These secrets are:
- Encrypted at rest and in transit
- Only decrypted inside the Trusted Execution Environment (TEE)
- Never exposed outside the TEE, even to our operators
- Version-controlled for audit purposes
Important Security Note
Never hardcode sensitive information in your functions or automation configurations. Always use the Secrets service to handle sensitive data.
Using Secrets in Functions
Once you've stored a secret, you can access it within a function using the secrets object:
using-secrets.js
1async function main(context) {
2 // Access a stored API key
3 const apiKey = await context.secrets.get('external-api-key');
4
5 // Use the API key to make an authenticated request
6 const response = await fetch('https://api.example.com/data', {
7 headers: {
8 'Authorization': `Bearer ${apiKey}`
9 }
10 });
11
12 const data = await response.json();
13 return data;
14}Best Practices
- Give each secret a descriptive name that indicates its purpose
- Limit access to secrets based on the principle of least privilege
- Rotate secrets regularly, especially for production environments
- Use different secrets for development, testing, and production