Secrets
Secrets are encrypted environment variables that can be used to store sensitive information, such as passwords and API keys. You set a key and a value for your secret: the key serves as the name of the secret, while the value contains your sensitive information.
Unlike regular Environment Variables, secrets are encrypted to ensure their contents remain hidden once encrypted. This security feature is crucial for protecting sensitive data within TagoIO. Secrets are especially beneficial when scripts need to access confidential information without revealing it to users or developers. You can utilize secrets in your Analysis code by retrieving them through the Analysis context, as well as in some Actions.
To start using this feature, access your Admin panel, navigate to the Account menu, and select 'Secrets'.
Creating a Secret
To create a secret, access the 'Secrets' page within your Admin panel and click on '+ New Secret'. It is mandatory to define a Key, Value, and Tags for every secret you create.
- Secret Key: this is the identifier for your secret, which you will use when writing your Analysis scripts.
Please note that Keys cannot be edited once the secret is created, so choose your keys carefully.
- Secret Value: this is the sensitive information that will be encrypted. This field is where you should input any confidential data. You can type in a text value or select between other secret types.
- Tags: this is our labeling system, which is used across various assets within TagoIO. You will utilize the Tag system to give your analysis access to the secrets. Learn more about the Tags System here.
After entering all the necessary information, click 'Save' to create your secret. Each secret is assigned a unique ID, which can be found by selecting a secret from your list and navigating to the 'More' tab.
Types of Secrets
Secrets can be stored in two formats: as plain text or as structured data of specific secret types, which may contain multiple pieces of information. You have the option to choose from various secret types, some of which enable specialized actions involving external entities, such as integration with external email providers.
Text
A secure storage option for text-based data, allows both letters and numbers. This secret can hold up to 2048 characters.
SMTP Secret
This secret is exclusively used for securely storing information required to configure an action that sends emails through external email providers. For more details about this action, please refer to our 'Defining Actions' documentation.
Currently, SMTP supports TLS connections that utilize port 587.
AWS SQS Secret
This secret is exclusively used for securely storing information required to communicate with the Amazon SQS. For more details about this action, please refer to our 'Defining Actions' documentation.
To obtain these values for Amazon SQS, log into your AWS Management Console and navigate to the SQS service. From there, you can retrieve the aws_region, queue_url, access_key_id, and secret_access_key by checking the relevant sections under your SQS queue configuration and IAM user credentials.
How to use Secrets
Secrets are essential for performing certain Actions. For more information on which actions require secrets, refer to the Defining Actions documentation.
You can integrate secrets into your analysis scripts similarly to how you use Environment Variables. Secrets are accessible through the `context.environment` parameter, enabling you to pass variable values directly into your script's context. Additionally, you can overwrite a Secret's value in an Analysis by creating an environment variable with the same Secret Key.
Check out our SDK documentation.
Granting your Analysis access to your Secret
Before utilizing secrets as environment variables in your script, ensure that your analysis has the necessary permissions to access the information within your secret. This is achieved by using the Tags you assigned to your secret to create a policy within the Access Management module. See the example below:
For further information on creating an Access Management policy, read more about Creating a Policy here.
Related Articles
Defining Actions
Actions are initiated based on specific conditions and can execute a variety of tasks. The first step in configuring an Action is to specify the desired action. Below are the different types of actions available: Push Notification to myself This ...Security and Compliance
At TagoIO, we understand that the foundation of trust with our customers is built on the assurance of information security and adherence to legal standards. Our commitment to data privacy and security is embedded in every part of our business. Our ...Environment Variables
Environment Variable is a very useful resource to send variables values to the context of your script. You can, for example, add tokens of accounts and devices to be used later in the script when it runs. The Analysis will get these variables as ...MQTT
TagoIO MQTT Broker is available exclusively for Starter and Scale accounts in the US database region. European database region accounts cannot access this service due to new security requirements, but may utilize third-party MQTT services with TagoIO ...Network Integration
Your devices can always connect directly with TagoIO API using HTTPS or MQTT protocol. But, you can also connect them using different protocols to databases and web services by using one of this methods: Create a script that initiate access to ...