Secrets

Secrets are pieces of configuration data that are confidential and need to be handled especially sensitively; i.e. they are secret. AWTS supports standard mechanisms for handling secrets in Docker, and the Configurator will generate standard configuration files for you.

Configuration values that are flagged as secrets can either be entered directly as environment variables, or you can specify a path to a secrets file.

Using a secrets file, and a hosted secrets manager tool, is best practise but may introduce undue complexity on small installations like running AWTS privately on your own workstation. This is why both methods are supported.

The Configurator will set up docker-compose.yml appropriately with secrets definitions if you choose. However how to actually set/manage the secrets' values is dependent on what secrets management tool you use.

Example

For example, if a module has the configuration variable apikey (env var AW_APIKEY) and your secret API key is abc123DEF456 then you can either configure the value directly:

  environment:
    - AW_APIKEY=abc123DEF456

Or use a secrets file path:

  environment:
    - AW_APIKEY=/path/to/secrets/file

In the latter case, the AWTS app will read the contents of the specified file and use that as the configuration value instead.