StreamNative Cloud Secrets allow you to store and manage sensitive data such as passwords, tokens, and private keys. A Secret may contain numerous keys. You can create Secrets and refer to them for computing purposes (such as Pulsar connectors and Pulsar Functions).

Create Secrets

The per-secret size is up to 1 Mebibyte (MiB).

To create a Secret using the StreamNative Cloud Console, follow these steps.

  1. On the left navigation pane, in the Admin area, click Secrets.

  2. Click Create Secret.

  3. Configure the Secret.

    • Name: enter the Secret name. The Secret name is unique across an organization. A secret name can contain any combination of lowercase letters (a-z), numbers (0-9), and hyphens (-).|
    • Location: select a Pulsar cluster location for the Secret.
    • Key: enter the key for the Secret. Each key must consist of alphanumeric characters, ’-’, ’_’ or ’.’. The serialized form of the Secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here.
    • Value: enter the value for the Secret. Each value must consist of alphanumeric characters, ’-’, ’_’ or ’.’.
  4. Click Confirm.

Use Secrets

After creating a Secret, you can use it when submitting a function or connector.

  1. Enable your function/connector to access the Secret.
public class ExampleFunction implements Function<String, Void> {
    @Override
    public String process(String input, Context context) {
        String secretValue = context.getSecret("SECRET1"); # access secret value with the name you need; this name will be set during submission
        System.out.println(secretValue) # You should never log or print the secret value in a production environment.
    }
}
  1. Submit the function/connector referring to the Secret.

    The following is an example of using the pulsar-admin CLI tool.

    ./bin/pulsar-admin functions create \
    --jar /pf-examples/pf-examples-jar-with-dependencies.jar \
    --classname io.streamnative.function.SecretFunction \
    --inputs public/default/secret-test \
    --output public/default/test-output \
    --name SecretTest \
    --secrets '{"SECRET1": {"path": "lambda-sink-secret", "key": "awsAccessKey"}}'
    
  • The SECRET1 in the --secrets parameter is the name you used in your function or connector code to access the Secret value.
  • The path in the --secrets parameter is the Secret name you created.
  • The key in the --secrets parameter is the key you used in the Secret.

Delete Secrets

To delete a Secret, follow these steps.

  1. On the left navigation pane, in the Admin area, click Secrets.

  2. Click Delete Secret. A dialog box displays, asking Are you sure you want to delete?

  3. Enter the Secret name and then click Delete Secret.