Secrets Management in Martini
Effective secrets management is crucial to the security and integrity of your applications. Martini offers several ways to store and manage secrets such as API keys, passwords and other credentials. The options below differ in where the secret is kept at rest and how it reaches the running instance.
Options for Storing Secrets
Properties Files (Package Properties or Application Properties)
Secrets can be stored in properties files, either package properties or application properties. This is the simplest method, and the values are readily available to your services. Bear in mind that a properties file is plain text: anyone who can read the package or the instance's configuration can read the secret, so keep files that hold real credentials out of version control and restrict file permissions on the server.
- Package Properties: These are specific to a package and hold secrets relevant only to that package. To store a secret, declare it in the package.properties file.
- Application Properties: These hold secrets relevant across the entire application. Store them in the application.properties file to make them accessible to all packages.
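The following is an added example, not part of Martini or of this documentation: a small Python script that parses the Java properties syntax used by package.properties and application.properties and reports credential-looking keys whose values are literals, so the check can run before a package is committed or deployed. The key-name fragments, the file names and the sample file contents are illustrative assumptions.

```python
"""Scan Martini-style .properties files for credentials stored as literals.

Added example; not Martini's own tooling. Whatever is written into a
properties file is plain text, so this script parses the Java properties
syntax and reports keys whose names suggest a credential but whose values
are literals rather than empty placeholders to be filled at deploy time.
"""
import re
import sys
from typing import Dict, Iterator, List, Tuple

# Fragments of key names that usually denote a credential. Assumption: tune per project.
SECRET_KEY_PATTERN = re.compile(
    r"(password|passwd|secret|token|api[-_.]?key|private[-_.]?key)", re.I
)

# A key runs until the first unescaped '=', ':' or whitespace; the separator and
# the whitespace around it are optional, as in java.util.Properties.
_KEY_VALUE = re.compile(r"((?:\\.|[^=:\s])+)\s*[=:]?\s*(.*)$")


def _continues(line: str) -> bool:
    """A logical line continues when it ends in an odd number of backslashes."""
    trailing = len(line) - len(line.rstrip("\\"))
    return trailing % 2 == 1


def iter_logical_lines(text: str) -> Iterator[Tuple[int, str]]:
    """Yield (number of the first physical line, logical line), joining
    backslash-continued lines and stripping leading whitespace the way the
    Java properties loader does."""
    parts: List[str] = []
    start = 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.lstrip()
        if not parts:
            start = lineno
        if _continues(line):
            parts.append(line[:-1])
            continue
        parts.append(line)
        yield start, "".join(parts)
        parts = []
    if parts:  # file ended in the middle of a continuation
        yield start, "".join(parts)


def parse_properties(text: str) -> Dict[str, Tuple[int, str]]:
    """Return {key: (line_number, value)}; later duplicates win, as in Java."""
    props: Dict[str, Tuple[int, str]] = {}
    for lineno, line in iter_logical_lines(text):
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = _KEY_VALUE.match(line)
        if not m:
            continue
        key = m.group(1).replace("\\", "")  # drop escapes such as 'my\ key'
        props[key] = (lineno, m.group(2).strip())
    return props


def find_literal_secrets(text: str) -> List[Tuple[str, int]]:
    """Credential-looking keys with a non-empty literal value, by line number.
    An empty value is treated as a deploy-time placeholder and not reported."""
    hits = [
        (key, lineno)
        for key, (lineno, value) in parse_properties(text).items()
        if SECRET_KEY_PATTERN.search(key) and value
    ]
    return sorted(hits, key=lambda hit: hit[1])


# Constructed sample package.properties for illustration; not from any real package.
SAMPLE_PACKAGE_PROPERTIES = """\
# Database settings
db.url=jdbc:postgresql://db.internal:5432/orders
db.username=orders_app
db.password=Sup3rS3cret!
! Third-party API
payments.api-key : example-key-not-real-0123
payments.timeout.seconds=30
# Supplied at deploy time; intentionally left empty
smtp.password=
long.value=first part \\
    second part
"""

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: scan_properties.py <file.properties> [...]")
    exit_code = 0
    for path in sys.argv[1:]:
        with open(path, encoding="latin-1") as fh:  # properties files default to ISO-8859-1
            for key, lineno in find_literal_secrets(fh.read()):
                print(f"{path}:{lineno}: literal secret in key '{key}'")
                exit_code = 1
    sys.exit(exit_code)
```

Run it against every package.properties and application.properties in a pre-commit hook or CI job; a non-zero exit blocks the change. On the constructed sample it reports db.password and payments.api-key and stays quiet about the empty smtp.password placeholder.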
Writing to Environment Variables via a Parameter Store or Secrets Engine
Another method is to supply secrets as environment variables that are populated from a parameter store or secrets engine when the instance starts. The secret stays out of the application code and properties files, and rotating it means updating the store and restarting rather than editing the package. Note that environment variables are inherited by child processes and readable by any process running as the same user, so run Martini under a dedicated account.
- Parameter Store: Many cloud providers offer parameter stores (for example AWS Systems Manager Parameter Store) where secrets are kept centrally and retrieved at start-up, typically by a launch script that exports each value into the environment before starting Martini.
- Secrets Engine: If you use a secrets management tool such as AWS Secrets Manager, the same launch step can fetch the secret from the secrets engine and export it as an environment variable, so it never has to be hardcoded in your application. A Secrets Manager secret is often stored as a JSON object of related fields (for example a username and password together), so the launch step may need to split it into one variable per field.
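As an added example (not Martini's own tooling), here is a launch-side loader of the kind described above, written in Python: a spec maps environment variable names to store paths, a fetcher returns the raw stored value, JSON secret blobs are unpacked one field per variable, and the loader fails closed when a secret is missing or an existing variable would be silently overwritten, then replaces itself with the command that starts Martini. The store paths, variable names and in-memory store are constructed stand-ins; the boto3 calls named in the docstring are the real client calls a deployed version would make.

```python
"""Resolve secrets from a parameter store into environment variables at start-up.

Added example; not Martini's own tooling. The fetcher, spec and store below
are constructed stand-ins. A real fetcher would call, via boto3,
ssm.get_parameter(Name=path, WithDecryption=True)["Parameter"]["Value"]
or secretsmanager.get_secret_value(SecretId=path)["SecretString"].
"""
import json
import os
import sys
from typing import Callable, Dict, List, Mapping, MutableMapping, Optional

Fetcher = Callable[[str], Optional[str]]


class SecretResolutionError(Exception):
    """A required secret, JSON field or environment slot could not be resolved."""


def resolve_secrets(spec: Mapping[str, str], fetch: Fetcher) -> Dict[str, str]:
    """Return {ENV_NAME: value} for every entry in spec, or raise.

    A reference is '<path>' (the whole stored value) or '<path>#<field>' (one
    string field of a JSON object stored at path). Each path is fetched once
    even when several fields are taken from it."""
    resolved: Dict[str, str] = {}
    fetched: Dict[str, Optional[str]] = {}
    for env_name, ref in spec.items():
        path, _, field = ref.partition("#")
        if path not in fetched:
            fetched[path] = fetch(path)
        raw = fetched[path]
        if raw is None:
            raise SecretResolutionError(f"{env_name}: nothing stored at {path}")
        if not field:
            resolved[env_name] = raw
            continue
        try:
            value = json.loads(raw)[field]
        except (json.JSONDecodeError, KeyError, TypeError) as exc:
            raise SecretResolutionError(
                f"{env_name}: field {field!r} not found in JSON at {path}") from exc
        if not isinstance(value, str):
            raise SecretResolutionError(f"{env_name}: field {field!r} at {path} is not a string")
        resolved[env_name] = value
    return resolved


def export_to_env(values: Mapping[str, str],
                  environ: MutableMapping[str, str] = os.environ,
                  overwrite: bool = False) -> List[str]:
    """Copy values into environ and return the exported names, sorted.
    Refuses to clobber variables that are already set unless overwrite=True,
    so a stale or operator-provided value is never replaced silently."""
    clashes = [] if overwrite else sorted(name for name in values if name in environ)
    if clashes:
        raise SecretResolutionError("refusing to overwrite existing variables: " + ", ".join(clashes))
    environ.update(values)
    return sorted(values)


# Constructed in-memory store standing in for SSM Parameter Store / Secrets Manager.
FAKE_STORE: Dict[str, str] = {
    "/martini/prod/db/password": "Sup3rS3cret!",
    "/martini/prod/payments": json.dumps(
        {"api_key": "example-key-not-real", "webhook_secret": "example-whsec-not-real"}),
}


def fake_fetch(path: str) -> Optional[str]:
    """Stand-in fetcher. Returns None for an unknown path; a real client raises
    instead, which a wrapper would either map to None or let propagate."""
    return FAKE_STORE.get(path)


# Which store entries become which environment variables (assumed names).
SPEC: Dict[str, str] = {
    "DB_PASSWORD": "/martini/prod/db/password",
    "PAYMENTS_API_KEY": "/martini/prod/payments#api_key",
    "PAYMENTS_WEBHOOK_SECRET": "/martini/prod/payments#webhook_secret",
}

if __name__ == "__main__":
    # Usage: python load_secrets.py <command that starts Martini> [args...]
    if len(sys.argv) < 2:
        sys.exit("usage: load_secrets.py <command> [args...]")
    try:
        export_to_env(resolve_secrets(SPEC, fake_fetch))
    except SecretResolutionError as exc:
        sys.exit(f"secret loading failed, not starting: {exc}")  # fail closed
    # Replace this process so the secrets exist only in the launched process's environment.
    os.execvp(sys.argv[1], sys.argv[1:])
```

Because the loader execs the start command rather than spawning a shell, the secrets never pass through a command line where `ps` could show them, and a missing or malformed secret stops the start instead of letting Martini come up with an empty credential.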
Using Native HashiCorp Vault Engine Integration
For stronger control over secrets, Martini natively integrates with HashiCorp Vault secrets engines, so your services can retrieve secrets from Vault at runtime instead of holding them in properties files or environment variables. For details on setting up Vault, refer to the Vault Setup Guide. The Vault functions available to your applications are described in the Vault Functions Documentation.