Platform
Secrets
Configure your Backend with Sensitive Data
Secrets are key-value pairs similar to Environment Variables but used to store sensitive data in a secure way.
Secrets should be used for two purposes:
-
to avoid placing sensitive information in your configuration file in plain sight
-
as placeholders for values that might differ between environments
Add Secrets
When using secrets, they need to be set in both local and cloud instances.
Nhost Local
The Nhost CLI looks up for a .secrets
file at the root of your project directory. A typical file looks like the following:
Terminal
> cat .secrets
HASURA_GRAPHQL_ADMIN_SECRET = 'nhost-admin-secret'
HASURA_GRAPHQL_JWT_SECRET = '0f987876650b4a085e64594fae9219e7781b17506bec02489ad061fba8cb22db'
GRAFANA_ADMIN_PASSWORD = 'grafana-passwd'
Nhost Cloud
The secret values for your cloud instance can be set by navigating to your project’s Settings -> Secrets.
Reference Secrets
nhost/nhost.toml
[auth.method.oauth.apple]
enabled = true
clientId = "my-client-id"
teamId = "my-team-id"
keyId = "{{ secrets.APPLE_KEY_ID }}"
privateKey = "{{ secrets.APPLE_PRIVATE_KEY }}"