Secret store
Secrets written to a secret store are encrypted in transit and at rest. Secret store entries are write-only and plaintext secret values cannot be retrieved via the API. The plaintext values are only available to Compute services during their request processing.
A secret store is a persistent, globally distributed store for secrets accessible to Compute services during request processing.
Data model
name | string | A human-readable name for the store. The value must contain only letters, numbers, dashes (-), underscores (_), or periods (.).
created_at | string | Date and time in ISO 8601 format. Read-only.
id | string | ID of the store.
Client key
A Base64-encoded X25519 public key.
client_key | string | A Base64-encoded X25519 public key that can be used with a libsodium-compatible sealed box to encrypt secrets before upload.
expires_at | string | Date and time in ISO 8601 format. Read-only.
signature | string | A Base64-encoded signature of the client key. The signature is generated using the signing key and must be verified before using the client key.
Signing key
Used to verify signatures of client keys.
signing_key | string | A Base64-encoded Ed25519 public key that can be used to verify signatures of client keys.
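The verification step the signature field calls for, as an added example in Go (not code from this documentation or its vendor): the client key is handed to a sealed-box implementation only after its signature verifies under the signing key and it has not expired. Assumptions: the signature covers the decoded 32-byte key rather than its Base64 text, and expires_at parses as RFC 3339. The names `ClientKey`, `VerifiedClientKey` and `constructedSample` are hypothetical, and the sample keys are generated locally.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

type ClientKey struct{ PublicKey, ExpiresAt, Signature string } // client_key, expires_at, signature

// VerifiedClientKey returns the raw X25519 key only if signature and expiry check out.
// Assumptions: signature covers the decoded key bytes; expires_at is RFC 3339.
func VerifiedClientKey(ck ClientKey, signingKeyB64 string, now time.Time) ([]byte, error) {
	sk, err := base64.StdEncoding.DecodeString(signingKeyB64)
	if err != nil || len(sk) != ed25519.PublicKeySize {
		return nil, errors.New("signing_key is not a 32-byte Ed25519 public key")
	}
	pk, err := base64.StdEncoding.DecodeString(ck.PublicKey)
	if err != nil || len(pk) != 32 {
		return nil, errors.New("client_key is not a 32-byte X25519 public key")
	}
	sig, err := base64.StdEncoding.DecodeString(ck.Signature)
	if err != nil || !ed25519.Verify(ed25519.PublicKey(sk), pk, sig) {
		return nil, errors.New("signature does not verify under signing_key")
	}
	exp, err := time.Parse(time.RFC3339, ck.ExpiresAt)
	if err != nil || !now.Before(exp) {
		return nil, errors.New("client_key is expired or expires_at is unparseable")
	}
	return pk, nil
}

// constructedSample fabricates a signing key and a signed client key (constructed, not API data).
func constructedSample(expires time.Time) (ClientKey, string) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	x := make([]byte, 32) // constructed stand-in for an X25519 public key
	rand.Read(x)
	b64 := base64.StdEncoding.EncodeToString
	return ClientKey{b64(x), expires.Format(time.RFC3339), b64(ed25519.Sign(priv, x))}, b64(pub)
}

func main() {
	ck, sk := constructedSample(time.Now().Add(time.Hour))
	pk, err := VerifiedClientKey(ck, sk, time.Now())
	fmt.Printf("verified %d-byte key, err=%v\n", len(pk), err)
}
```

A key that fails any of these checks should be discarded and re-fetched, never used for encryption.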