Secrets
Managed secrets with auto-generation, presets, and cloud-native secret stores.
Secrets
The secrets section creates entries in your cloud provider's secret management service. Secrets can be auto-generated with configurable parameters or set to custom values after provisioning.
Fields Per Secret
| Field | Type | Description |
|---|---|---|
| Name | Text input | Secret name (alphanumeric + hyphens only) |
| Generate | Toggle | Auto-generate a random value |
| Length | Number | 8–128 characters |
| Special Characters | Toggle | Include !@#$%^&*() in generated value |
Presets
Quick-add buttons create secrets with recommended settings:
| Preset | Length | Special Chars | Use Case |
|---|---|---|---|
| PostgreSQL Password | 32 | Yes | Database master password |
| API Token | 48 | No | Application API key |
| JWT Secret | 64 | No | Token signing key |
| Redis Password | 32 | No | Cache authentication |
| Custom Secret | 32 | No | User-defined |
Secret Store by Provider
AWS Secrets Manager — $0.40/secret/month + $0.05 per 10,000 API calls. Supports automatic rotation, cross-account access, and integration with RDS for database credential management.
Secret Manager — $0.06 per 10,000 access operations. Supports automatic replication, IAM-based access control, and versioning.
Key Vault — $0.03 per 10,000 operations. Supports secrets, keys, and certificates. Integrates with Azure AD for access control.
Integration with Kubernetes
After provisioning, secrets are synced to Kubernetes via the External Secrets Operator (installed by ArgoCD — see GitOps & ArgoCD). This creates Kubernetes Secret resources from cloud secret store entries, keeping them in sync automatically.