local Secret Store
The local secret store stores secrets on the local filesystem, symmetrically encrypted with a password. It’s not meant for production use, but it should be good enough for local development and experimentation.
Configuration
- pydantic model hydroplane.secret_stores.local.Settings
  - field secret_store_type: Literal['local'] = 'local'
  - field store_location: Path [Required]
    the location of the secret store
  - field password: Optional[SecretStr] = None
    DO NOT EDIT - overwritten at runtime once a password is prompted from the user
    - Constraints
      type = string
      writeOnly = True
      format = password
Example Configuration Snippet
Here’s an example configuration snippet for the local secret store:
secret_store:
  secret_store_type: local
  store_location: ~/.hydro_secrets
Initializing a Local Secret Store
To initialize your local secret store:
bin/local-secret-store init
You’ll be prompted to enter a password for the secret store. By default, it will be initialized in ~/.hydro_secrets but you can change its location by adding the --store-location flag to the above command.
Adding a Simple Secret to the Secret Store
To add a secret to the secret store:
bin/local-secret-store add <secret name>
You’ll be prompted to enter the password for the secret store, and then prompted to enter the contents of the secret itself.
Here’s an example of what that might look like:
$ bin/local-secret-store add my-secret
Enter the password for the secret store: ***********
Enter the contents of the secret: hello world
INFO:root:Adding secret my-secret
$ bin/local-secret-store get my-secret
Enter the password for the secret store: ***********
hello world
Adding Longer or More Complex Secrets to the Secret Store
Entering a secret from a prompt is useful for secrets like passwords and authentication tokens that aren’t very long or complicated. Some secrets are longer or more complex, like a certificate or a private key, and don’t lend themselves well to being typed or pasted in at a prompt.
To add the contents of a file as a secret:
bin/local-secret-store add -f <input filename> <secret name>
You’ll be prompted to enter the password for the secret store, and the provided input file’s contents will be stored in the secret.
Here’s an example of what that might look like:
$ echo "this is a secret token" > token.txt
$ bin/local-secret-store add -f token.txt my-secret-token
Enter the password for the secret store: ***********
INFO:root:Adding secret my-secret-token
$ bin/local-secret-store get my-secret-token
Enter the password for the secret store: ***********
this is a secret token
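The session above writes the token to token.txt in the working directory with the default umask and leaves the plaintext there after it has been added. As an added example (not part of Hydroplane), the shell function below stages a command's output in an owner-only temporary file, passes it to add -f, and deletes the file on exit. The names add_generated_secret and LOCAL_SECRET_STORE_CLI are hypothetical and introduced only for this sketch.

```shell
# Added example, not part of Hydroplane. add_generated_secret and
# LOCAL_SECRET_STORE_CLI are hypothetical names introduced for this sketch.
# Usage: add_generated_secret <secret name> <command> [args...]
add_generated_secret() (
    if [ "$#" -lt 2 ]; then
        echo "usage: add_generated_secret <secret name> <command> [args...]" >&2
        exit 2
    fi
    name=$1
    shift
    # Path to the CLI shown on this page; the override exists only so the
    # function can be pointed elsewhere (assumption, not a Hydroplane setting).
    cli=${LOCAL_SECRET_STORE_CLI:-bin/local-secret-store}

    umask 077                                   # anything created here is owner-only
    tmp=$(mktemp "${TMPDIR:-/tmp}/secret.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT                    # delete the plaintext however we leave
    trap 'exit 130' INT TERM

    # The producer's stdout goes straight into the private file; stdin is left
    # alone so the CLI can still prompt for the store password.
    "$@" > "$tmp" || { echo "secret-producing command failed" >&2; exit 1; }
    [ -s "$tmp" ] || { echo "refusing to store an empty secret" >&2; exit 1; }

    "$cli" add -f "$tmp" "$name"
)
```

Note that rm only unlinks the file; point TMPDIR at a tmpfs mount if the plaintext must never reach persistent storage.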
Removing a Secret from the Secret Store
To remove a secret from the secret store:
bin/local-secret-store remove <secret name>
Here’s an example of what that might look like:
$ bin/local-secret-store remove my-secret-token
Enter the password for the secret store: **********
INFO:root:Deleting secret my-secret-token