Managing secrets
To manage your FastStore Secrets, you'll use the WebOps Secrets plugin to encrypt and decrypt the Secrets file. When decoded, the secrets file is stored as secrets.revealed.json and anyone can see and understand the decrypted key-value pairs of your Secrets—once encrypted, the secrets file extension changes to secrets.hidden.json, and every Secret becomes unpredictable and unique.
After committing your code changes into the repository, VTEX IO WebOps will be able to access the secrets.hidden.json file, decrypt and consume your secrets as environment variables so the build process can proceed.
Before you start
Before proceeding any further with this guide, make sure you have performed the initial setup needed to manage your store secrets. If you're not sure about this prerequisite, check for the secrets.revealed.json file at the root of your FastStore project.
For more information, please refer to Setting up the secrets file.
Step by step
Step 1 - Editing your store secrets
Open your FastStore project in any code editor of your choice.
Open the
secrets.revealed.jsonfile. Notice that theaccountkey-value pair is already defined in thesecrets.revealed.jsonfile.According to your scenario, add, modify or delete secrets in the
secrets.revealed.jsonfile. Keep in mind that secret names must obey the following javascript pattern:^[a-zA-Z_][a-zA-Z0-9_]*$. Also, remember that secrets must be defined as key-value items as in the following example:{
"account": "account-name",
"name_of_the_secret": "value of the secret"
}caution
Do not remove the
accountitem from thesecrets.revealed.jsonfile since this information is necessary to build the store.
Step 2 - Hiding your store secrets
After editing your secrets, you must hide them. By encrypting your secrets, you will be able to commit your changes and push them into your remote repository safely.
To encrypt your secrets, run the following command:
vtex secrets hide
That's all! Now you can commit and push your changes to your remote repository.
Notice that whenever you need to update your Secrets, you must run vtex secrets reveal to first decrypt them. The Secrets file extension will change back to secrets.revealed.json and you'll be able to edit it. Once you finish your changes, you must run vtex secrets hide again.