Work with Secrets

StreamNative Cloud Secrets allow you to store and manage sensitive data such as passwords, tokens, and private keys. A Secret may contain numerous keys. You can create Secrets and refer to them for computing purposes (such as Pulsar connectors and Pulsar Functions).

Create Secrets

Note

The per-secret size is up to 1 Mebibyte (MiB).

To create a Secret using the StreamNative Cloud Console, follow these steps.

  1. On the left navigation pane, in the Admin area, click Secrets.

  2. Click Create Secret.

    screenshot of creating secrets

  3. Configure the Secret.

    • Name: enter the Secret name. The Secret name is unique across an organization. A secret name can contain any combination of lowercase letters (a-z), numbers (0-9), and hyphens (-).|
    • Location: select a Pulsar cluster location for the Secret.
    • Key: enter the key for the Secret. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the Secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here.
    • Value: enter the value for the Secret. Each value must consist of alphanumeric characters, '-', '_' or '.'.
  4. Click Confirm.

Use Secrets

After creating a Secret, you can use it when submitting a function or connector.

  1. Enable your function/connector to access the Secret.

    public class ExampleFunction implements Function<String, Void> {
        @Override
        public String process(String input, Context context) {
            String secretValue = context.getSecret("SECRET1"); # access secret value with the name you need; this name will be set during submission
            System.out.println(secretValue) # You should never log or print the secret value in a production environment.
        }
    }
    
  2. Submit the function/connector referring to the Secret.

    The following is an example of using the pulsar-admin CLI tool.

    ./bin/pulsar-admin functions create \
    --jar /pf-examples/pf-examples-jar-with-dependencies.jar \
    --classname io.streamnative.function.SecretFunction \
    --inputs public/default/secret-test \
    --output public/default/test-output \
    --name SecretTest \
    --secrets '{"SECRET1": {"path": "secret-example", "key": "MY_SECRET_KEY"}}' # ref the value of `MY_SECRET_KEY` in `secret-example` with the `SECRET1` name
    

Note

Currently, you can only specify the secret for functions and connectors by using the pulsar-admin CLI tool. The support through the pulsarctl CLI tool and StreamNative Cloud Console is coming soon.

Delete Secrets

To delete a Secret, follow these steps.

  1. On the left navigation pane, in the Admin area, click Secrets.

  2. Click Delete Secret. A dialog box displays, asking Are you sure you want to delete?

  3. Enter the Secret name and then click Delete Secret.

Previous
Authorization and ACL