Secrets

Secrets are key-value pairs similar to Environment Variables but used to store sensitive data in a secure way.

Secrets should be used for two purposes:

1. to avoid placing sensitive information in your configuration file in plain sight

2. as placeholders for values that might differ between environments

​

Add Secrets

When using secrets, they need to be set in both local and cloud instances.

​

Nhost Local

The Nhost CLI looks up for a .secrets file at the root of your project directory. A typical file looks like the following:

> cat .secrets

HASURA_GRAPHQL_ADMIN_SECRET = 'nhost-admin-secret'
HASURA_GRAPHQL_JWT_SECRET = '0f987876650b4a085e64594fae9219e7781b17506bec02489ad061fba8cb22db'
GRAFANA_ADMIN_PASSWORD = 'grafana-passwd'

​

Nhost Cloud

The secret values for your cloud instance can be set by navigating to your project’s Settings -> Secrets.

​

Reference Secrets

[auth.method.oauth.apple]
enabled = true
clientId = "my-client-id"
teamId = "my-team-id"

keyId = "{{ secrets.APPLE_KEY_ID }}"
privateKey = "{{ secrets.APPLE_PRIVATE_KEY }}"