Koyeb Secrets allow you to securely store and retrieve sensitive information like passwords or API tokens. They enable you to secure your code by removing hardcoded credentials and let you pass environment variables securely to your applications.
Another advantage of using Secrets is their reusability. This means that you can easily reuse a Secret value in different Services. Secrets are global to the organization, so all Apps and Services can access the same values.
All Secret values are automatically encrypted server-side to ensure secure storage. To prevent unauthorized access, Secret access must be explicitly granted to your Services.
A Secret is composed of a name and a value. The name of a Secret must comply with RFC1123 (opens in a new tab), the DNS naming convention, and can only contain lowercase letters, numbers and dashes.
To create a Secret, click Secrets (opens in a new tab) in the top bar of the Koyeb control panel. In the Add secret box, input a Name and Value and click the Create Secret button.
Secrets are used in Services in the following ways:
- As credentials to authenticate to private Docker registries when deploying Docker images. You can read the private container registry secrets documentation for additional details.
- As a source for setting environment variables to your Services. To find out more about how this works, check the environment variables page.
Make sure no production Service is using your Secret before deleting it as this might generate production failures or outages.
Deleting a Secret is permanent and irreversible. When you delete a Secret, all resources using it will lose access to its value.
To delete a Secret, visit the Secrets page (opens in a new tab) in the Koyeb control panel. Click the context menu associated with the Secret and click Delete secret.
You can attach a Secret to your Service by setting its value to an environment variable in the Service configuration. The Secret's value can then be accessed within your application using your language's environment variable functionality.
For example, if you set a Secret to an environment variable called
DATABASE_URL, you could access it like this: