Using Secrets in Scripts and Policies
Using SecureAuth's secrets you can safely store confidential data within SecureAuth, access protected resources from within your scripts, and validate policies in your authorization server.
Create Secret
Secrets represent any information that you want to keep confidential. They are encrypted after creation, meaning that their value cannot be retrieved in any way outside of a scripted function or a policy validator.
SecureAuth allows you to define secrets which can be used in JavaScript function calls and policies. The video below shows how to add and manage secrets.
{{< video create_secret.mp4 >}}
Go to Extensions > Secrets in the left-hand menu. The Secrets page opens.
Note
You can also manage secrets from the contextual menu in the Extensions page.
Select Create Secret. Provide the secret name and value in the pop-up window when prompted.
Note
You won't be able to see the secret value after it's saved. It can be only retrieved by an extension script or a policy validator.
Select Create. Your secret is added to the list.
You can manage your secrets from the workspace settings page. Go to Settings -> Secrets to edit secret values, delete secrets, or create new secrets.
Use Secret in Extension
To use your secret in an extension script, provide the secret name within a function via the context.secrets.SCRIPT_NAME reference:
module.exports = async function(context) {
return {
secret: context.secrets.SCRIPT_NAME
};
} Such reference is ready out of the box if you create a script from the Sample with secret template.
Use Secret in Policy
To use your secret in SecureAuth policy editor, refer to it in a policy validator by selecting Secrets as the source or target and providing the secret name. The secret value is then used for comparison in the validator. For more information, read Creating a policy in SecureAuth editor.
To use your secret in a Rego policy, see Rego secret check policy.