Skip to main content
Version: 4.12.x.x LTS

Secrets and Files

Overview

The Secret & Files functionality supports the creation of global (tenant level) secrets, files and secret files (later mentioned as "secrets" and "files") and the usage of these artifacts in multiple inventories. The Secret & Files screen allows you to manage all your secrets and files in one central place. You can get a quick overview of what secrets and files you have and where they are used. Together with the used secrets and files you can also find the "unused" or "unlinked" ones and manage them.

  • Unused: The status of global secrets and files that are not used in any inventory yet.

  • Unlinked: The status of secrets and files that were created on inventory level but removed from the inventory, and that are currently not used in any inventory. You can perform the following actions from the Secret & Files screen:

  • View all your secrets and files used in a single or multiple inventories.

  • View and edit the content of your secrets.

  • View and replace the content of your files.

  • Download your files.

  • Delete your secrets and files.

  • Create a global secret that can be used in and referenced from your inventory. For further details, see the chapters below.

  • Upload a global file that can be used in and referenced from your inventory. For further details, see the chapters below.

The above actions are restricted by permissions. For further details, see the next chapter.

Permissions

The actions related to the secret and files are restricted by permissions. For an overview of these permissions, see the Permissions table in chapter Managing Users and Groups via REST.

Global (Tenant) Secret and Files

The Global Secret & Files feature allows you to use the same secret or file in multiple inventories. An update of your global secret or file will affect all inventories where the given global secret or file is used in. You no longer need to make the changes one by one in each inventory.

Note that to apply your configuration you have to make a deployment as always. The following sections show how to create and use a global secret and file.

Creating a global secret / file

  1. Open the Secret & Files screen by selecting the Secret & Files option from the Global Settings menu in the sidebar of the Administration tab.
  2. In the Secret & Files screen, the following buttons are available:
  3. Create global secretFor more details, see the section Create global secret further below.
  4. Upload global secret fileFor more details, see the section Upload global secret file further below.
  5. Upload global fileFor more details, see the section Upload global file further below.
  6. Define a secret or upload a (secret) file to make it a global secret or file.
  7. You can now link this global secret or file to your project and reference it from your inventory. See the next section how to proceed.

Using and referencing the created global secret/file

  1. Create a variable in the pattern property where you want to use the created secret/file.
  2. Open the relevant inventory file in the Inventory Editor and insert your variable.
  3. Reference the global secret/file in your variable by performing one of the next two options:
  4. Copy the ID (that is, Secret ID, Secret resource ID and Resource ID) from the Secret & Files screen and paste it to your variable in the inventory editor.
  5. Select one of these actions in the Inventory Editor and use the Or select existing secret drop-down in the opened dialog screen to select the global secret/file:
  • Insert secret button For more detailed information on inserting a secret, see the chapter Working with Secrets.
  • Attach certificate button For more detailed information on attaching a certificate, see the chapter " [Working with Certificates.
  • Attach file button For more detailed information on attaching a file, see the chapter Working with Inventory File Attachments.
  • Attach secret file button For more detailed information on attaching a secret file, see the chapter Working with Inventory File Attachments.
  1. Click the Save changes button. The global secret/file is now linked to your variable.

Making a deployment to apply your configuration

The next figure shows how to create and use the global secrets and files in your inventory:

Global secret and files

Secret & Files

The Secret & Files screen shows the secrets, files and secret files in separate sections. The following filters are available:

  • Scope:
  • Search filter:

Plain text secrets

The Plain text secrets section shows the plain text secrets. It consists of the following elements:

  • Secret ID:
  • Used in:
  • Description:
  • Action:
  • Create global secret button:
Plain text secrets

Creating a global secret

If you want to use your secret in multiple inventories, create it as a global secret by clicking the Create global secret button. Once you have created a global secret, you can use it as often as you want in as many inventories as you want. You only need to reference the global secret ID from the respective variable, to link the variable to the global secret. Whenever the content of your global secret is updated, the update is reflected in all places where the global secret is used (referenced).

Permissions

Note that the Create global secret action is restricted by the MODIFY_TENANT permission. For more details, see the Permissions table in chapter Managing Users and Groups via REST.

Perform the following steps to create a global secret:

  1. Click the Create global secret button to open the Create global secret dialog screen.
  2. Define a secret.
  3. Add a description, if needed. The description will be visible in the Secret & Files screen and also in the Inventory Editor on hovering over the inserted global secret.
  4. Click the Createbutton.
  5. The global secret will be created and displayed as "Unused" in the Plain text secrets table.

The following movie shows how to create a global secret:

How to create a global secret

Viewing a secret content

You can view the content of the secret after creation.

Permissions

Note that view secret content action is restricted by:

  • VIEW_SECRET_CONTENT_TENANT - for global secrets.
  • VIEW_SECRET_CONTENT_INVENTORY - for inventory level secrets.

For more details, see the Permissions table in chapter Managing Users and Groups via REST.

Perform the following steps to view a secret content:

  1. Find your secret in the Plain text secrets table.
  2. In the Action column, click the View content icon.
  3. The View content dialog screen opens and shows the secret content.

The following movie shows how to view a secret content:

How to view a secret content

Editing a secret content

You can edit the content of the secret. Note that the reference ID remains the same - only the content will be changed.

Permissions

The edit content action is restricted by the following permissions:

  • MODIFY_TENANT - for global secrets.
  • MODIFY_INVENTORY - for inventory level secrets.

For more details, see the Permissions table in chapter Managing Users and Groups via REST.

Perform the following steps to edit a secret content:

  1. Find your secret in the Plain text secrets table.
  2. Click the Edit content icon in the Action column.
  3. The Edit content dialog screen is opened.
  4. Edit the secret content.
  5. Change the description, if needed. The description will be visible in Secret & Files screen and also in the inventory editor on hovering over the inserted global secret.
  6. Click the Save button.
  7. The secret content and description will be updated.

The following movie shows how to edit a secret content:

How to edit a secret content

Deleting a secret

You can delete the secret. Note that this action is irreversible - the secret will be deleted permanently.

Permissions

The delete secret action is restricted by the following permissions:

  • MODIFY_TENANT - for global secrets.
  • MODIFY_INVENTORY - for inventory level secrets.

For more details, see the Permissions table in chapter Managing Users and Groups via REST.

Perform the following steps to delete a secret:

  1. Find your secret in the Plain text secrets table.
  2. Click the Delete icon in the Action column.
  3. The Warning dialog is opened.
  4. Click the Delete button.
  5. The secret will be permanently deleted.

Even if the secret is removed from the Secret & Files screen, its reference ID remains in the referring variable in the inventory. It has to be removed manually.

The following movie shows how to delete a secret:

How to delete a secret

Secret files

The Secret files section displays the secret files. It contains the following elements:

  • Secret resource ID:
  • Used in:
  • Description:
  • File name:
  • Action:
  • Upload global secret file button:
Secret files

Uploading a global secret file

If you want to use your secret file in multiple inventories, upload it as a global secret file by clicking the Upload global secret file button. Once you have uploaded a global secret file, you can use it as often as you want in as many inventories as you want. You only need to reference the global secret file's Secret Resource ID from the respective variable, to link the variable to the global secret file. Whenever your global secret file is replaced, this update is reflected in all places where the global secret file is used (referenced).

Permissions

Note that the Upload global secret file action is restricted by the MODIFY_TENANT permission.

For more details, see the Permissions table in chapter Managing Users and Groups via REST.

Perform the following steps to create a global secret file:

  1. Click the Upload global secret file button and select the file you would like to upload.
  2. The Upload global secret file dialog screen is opened.
  3. Add a description, if needed. The description will be visible in Secret & Files screen and also in the inventory editor on hovering over the inserted global secret file.
  4. Click the Upload button.
  5. A global secret file will be uploaded and displayed as "Unused" in the Secret files section.

Certificate upload

If you would like to upload a certificate, note that the file must be a valid certificate file in PEM format (with .pem extension). All uploaded certificates can be viewed in the Certificatesscreen. More details are described in the chapter Certificates.

The following movie shows how to upload a global secret file:

How to upload a global secret file

Viewing and downloading a secret file

You can view the content of the secret file by using the View content action. The Download file function is available in View content dialog screen.

Permissions

Note that the view secret file content action is restricted by the following permissions:

  • VIEW_SECRET_CONTENT_TENANT - for global secret files.
  • VIEW_SECRET_CONTENT_INVENTORY - for inventory level secret file.

For more details, see the Permissions table in chapter Managing Users and Groups via REST.

Perform the following steps to view and download a secret file:

  1. Find your secret file in the Secret files section.
  2. Click the View content icon in the Action column.
  3. TheView content dialog screen is opened.
  4. The file content is displayed on the screen. If the file content cannot be parsed (e.g. the file is image or .zip), it can still be downloaded.
  5. If you want to download the file, click the Download file button.

The following movie shows how to view and download a secret file:

How to view and download a secret file

Replacing the secret file content

You can replace the secret file via the Replace content action.

Content update

Note that after replacing the file, only the content of the file will be updated but the reference ID (inv-res-secret://<id>#fileName>) remains the same. If you upload a file with a new file name, this will not update its reference in the inventory. Therefore, an outdated file name will be shown in the reference (inv-res-secret://<id>#fileName>) in the inventory. However, the new file name can be seen in the Secret & Files screen.

Permissions

Note that the replace secret file action is restricted by the following permissions:

  • MODIFY_TENANT - for global secret files.
  • MODIFY_INVENTORY - for inventory level secret files.

For more details, see the Permissions table in chapter Managing Users and Groups via REST.

Perform the following steps to replace a secret file content:

  1. Find your secret file in the Secret files section.
  2. Click the Replace content icon in the Action column and select the new file you would like to upload.
  3. The Replace content dialog screen is opened.
  4. Modify a description, if needed.
  5. Click the Replace button.
  6. The secret file content will be replaced with the selected new file, but the reference ID remains the same.

The following movie shows how to replace a secret file content:

How to replace a secret file content

Deleting a secret file

You can delete the secret file. Note that the secret file will be deleted permanently and irreversible.

Permissions

Note that the delete secret file action is restricted by the following permissions:

  • MODIFY_TENANT - for global secret files.
  • MODIFY_INVENTORY - for inventory level secret files.

For more details, see the Permissions table in chapter Managing Users and Groups via REST.

Perform the following steps to delete a secret file:

  1. Find your secret file in the Secret files section.
  2. Click the Delete icon in the Action column.
  3. The Warningdialog is opened.
  4. Click the Delete button.
  5. The secret file will be permanently deleted.

Even if the secret file is removed from the Secret & Files screen, its reference ID remains in the referring variable in the inventory. It has to be removed manually.

The following movie shows how to delete a secret file:

How to delete a secret file

Files

The Files section shows the files. It contains the following elements:

  • Resource ID:
  • Used in:
  • Description:
  • File name:
  • Action:
  • Upload global file button:
Files

Uploading a global file

See the description in the [Upload global secret file] section.

View and download file

See the description in the [View and download secret file] section.

Note that the required permission to view the file content is different:

  • VIEW_INVENTORY

Replace file content

See the description in the [Replace secret file content] section.

Delete file

See the description in the [Delete secret file] section.