Docs

Secrets

Use secrets to keep important values used in Actions or Service Templates secure.

Suggest Edits

Configuring an Action or Service Template Webhook will usually include one or more API tokens or other values that you will want to keep secret. To allow you to safely manage these values, OpsLevel allows administrators to manage these values as Secrets.

Secrets page with a few secrets

Secrets page with a few secrets

Secrets are an object in OpsLevel that ensures that values are stored securely and only decrypted before being merged and sent with a webhook request. The values are never returned in our UI or API and will always appear obfuscated in our execution history.

The execution history will always show a secret's value as `********`

The execution history will always show a secret's value as ********

Creating a Secret

  1. Navigate to Settings > Secrets
  2. Press the + New Secret button
  3. Fill in the Secret details in the dialog
    1. Alias: This is the identifier you will use when you want to use the secret's value in an action or service template run. Aliases may only include lowercase alphabetical, numeric and underscore characters. Note: Once created, the alias cannot be changed. To create an alternate alias for a secret, you'll need to create a new Secret.
    2. Owner: The team who owns the Secret and is responsible for understanding its usage and when to rotate the value
    3. Value: The value that will be included in action or service template webhooks when the secret is referred to in a liquid template. Note: Once saved, this value cannot be retrieved.
  4. Press Save
The New Secret Dialog

The New Secret Dialog

Updating a Secret

πŸ“˜

A Secret's alias cannot be changed. To create an alternate alias for a secret, create a new secret.

  1. Navigate to Settings > Secrets
  2. The Owner and Value fields support inline editing. Click on the attribute you want to change and it will switch into edit mode. Pressing Enter in the value text box or choosing a new team in the Owner dropdown will cause a prompt for you to confirm the action you were going to take.
Hovering over the value of a row in the secrets tables will show an edit icon.

Hovering over the value of a row in the secrets tables will show an edit icon.

🚧

Overwriting an existing Secret value permanently replaces its contents. To ensure Actions continue to function correctly, ensure the new secret has the same permissions as the old secret.

Deleting a Secret

🚧

Deleting a Secret will break any action or service template webhooks that referenced it. Only delete secrets, if you are certain they are no longer in use.

  1. Navigate to Settings > Secrets
  2. Identify the row of the Secret you want to delete and press Actions > Delete
  3. Confirm your intent in the dialog that opens.
The Delete Secret confirmation dialog.

The Delete Secret confirmation dialog.

Using a Secret in an Action or Service Template

Secrets can be referenced in Action or Service Template Webhook Configurations in the following fields:

  • Webhook URL
  • Headers
  • Body

To refer to them, use this liquid syntax: {{ '<secret_alias>' | secret }}.

For example, if you create an opslevel_api_token secret with value 123456789 and configured an action with this Webhook URL: https://api.opslevel.com/my/route?token={{ 'opslevel_api_token' | secret }}, then the computed Webhook URL at action runtime would be https://api.opslevel.com/my/route?token=123456789

An Action configuration with secret references in the Webhook URL, Headers and Payload fields.

An Action configuration with secret references in the Webhook URL, Headers and Payload fields.

Updated 10 months ago