Secrets Management in Martini
Effective secrets management is crucial for maintaining the security and integrity of your applications. In Martini, there are several options available for securely storing and managing secrets, such as API keys and other sensitive information.
Options for Storing Secrets
- Properties Files (Package Properties or Application Properties) – ⚠ Not Recommended for Production
Secrets can be stored in properties files, such as package properties or application properties, where your applications can read them easily. However, this method is not recommended for production environments, because the secrets are stored in plain text and are therefore vulnerable to unauthorized access.
- Package Properties: Used to store secrets relevant to a specific package. Secrets are declared in the package.properties file.
- Application Properties: Used for secrets applicable across the entire application. Store them in the application.properties file to make them accessible to all packages.
📌 Warning: Since secrets stored in properties files are not encrypted, they should only be used for development or testing purposes. For production, consider a more secure method, such as environment variables or Vault integration.
- Environment Variables via a Parameter Store or Secrets Engine
A more secure way to manage secrets is by using environment variables, which can be configured via a parameter store or a secrets engine. This method ensures that secrets are not hardcoded in your application files.
- Parameter Store: Many cloud providers offer parameter stores where secrets can be securely stored and retrieved as environment variables.
- Secrets Engine: With a secrets management tool like AWS Secrets Manager, secrets can be automatically injected into environment variables, which enhances security because they are never exposed in the codebase.
- Using Native HashiCorp Vault Engine Integration
For the highest level of security, Martini supports native integration with HashiCorp Vault. This enables advanced secrets management by allowing applications to retrieve secrets dynamically without storing them in configuration files.
- Setup Vault Integration: Follow the Vault Setup Guide to configure Vault in Martini.
- Use Vault Functions: Martini provides built-in functions for accessing secrets securely. See the Vault Functions Documentation for implementation details.
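A pre-deployment check for the properties-file option above, as an added example that is not part of Martini or its documentation: it parses properties text and reports secret-looking keys that still carry a literal value. The key-name heuristic, the `${...}` placeholder convention and the sample content are assumptions made for illustration.

```python
import re

# Key names that usually hold credentials (heuristic list, an assumption).
SECRET_KEY = re.compile(r"(secret|passw(or)?d|token|api[._-]?key|credential)", re.I)
# A value that is only a ${...} reference is treated as supplied from outside
# the file (assumed placeholder syntax; the page does not specify Martini's).
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")
# In the .properties format a key ends at the first '=', ':' or whitespace.
# Escaped separators and backslash line continuations are not handled here.
ENTRY = re.compile(r"([^=:\s]+)\s*[=:\s]\s*(.*)$")


def parse_properties(text):
    """Yield (line_no, key, value) for each entry in .properties text."""
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = ENTRY.match(line)
        if m:
            yield no, m.group(1), m.group(2).strip()
        else:
            yield no, line, ""  # key with no separator and no value


def find_plaintext_secrets(text):
    """Return [(line_no, key)] for secret-looking keys with literal values."""
    findings = []
    for no, key, value in parse_properties(text):
        if SECRET_KEY.search(key) and value and not PLACEHOLDER.match(value):
            findings.append((no, key))
    return findings


# Constructed sample, not a real Martini configuration.
SAMPLE = """\
# application.properties (constructed)
server.port=8080
payments.api.key = EXAMPLE-constructed-value
db.password: ${DB_PASSWORD}
mail.token=
! legacy comment
reporting.client-secret hunter2-constructed
"""

if __name__ == "__main__":
    for no, key in find_plaintext_secrets(SAMPLE):
        print(f"line {no}: '{key}' holds a literal value; move it out of the file")
```

Run against package.properties and application.properties before a production build, the check returns only line numbers and key names, so the secret values themselves never reach build logs.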