Secrets Management

Secrets managers offer centralized control, storage, and management of API keys, passwords, certificates, and any other sensitive information. Hyperscience’s secrets-management integration allows System Admins to take advantage of the following features: 

  • Policy enforcement

  • Role-based access control

  • Auditing of secrets

  • Reducing the need to store sensitive data on disk

Supported secrets-management integrations

Hyperscience offers the following integrations:

Limitations and validations

  • Secrets managers are available only for on-premise or private cloud deployments of Hyperscience.

  • The secrets-management integration is optional. You can continue storing all of your credentials in the “.env” file or store only some of your credentials in the secrets manager. 

  • You can store only system-level credentials in the secrets manager.

  • You can’t store the credentials for any integrations that are configured within the Hyperscience application, such as credentials for API endpoints, message queues, and other connectors. You need to store these integrations’ credentials in the Hyperscience application. 

  • The Hyperscience application starts only if all system-level credentials are successfully fetched from the secrets manager. Our integration has validations that prevent the application from starting if the secrets manager is incorrectly configured.

  • To maximize the benefits of using a secrets manager, we recommend following the guidelines outlined in Best Practices for Using a Secrets Manager.

Secrets Managers and SaaS deployments 

The Hyperscience cloud services use Kubernetes to execute their workloads. HashiCorp Vault has its own sidecar container, which can inject secrets into pod volumes based on annotations. To create a bridge between the two, we use the ExternalSecrets custom resource definition to generate native Kubernetes secrets.
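As an added illustration (not Hyperscience's own configuration), the manifests below show how an ExternalSecret resource can turn a Vault entry into a native Kubernetes Secret. They assume the External Secrets Operator with its Vault provider; every name, namespace, path, role, and URL is a hypothetical placeholder.

```yaml
# SecretStore: tells the operator how to reach and authenticate to Vault.
# All values here are hypothetical placeholders.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: example-vault-store
  namespace: example-app
spec:
  provider:
    vault:
      server: "https://vault.example.internal:8200"
      path: "secret"          # KV mount point in Vault
      version: "v2"           # KV secrets engine version
      auth:
        kubernetes:           # authenticate with the pod's service account,
          mountPath: "kubernetes"   # so no long-lived Vault token is stored
          role: "example-app-read"
          serviceAccountRef:
            name: "example-app-sa"
---
# ExternalSecret: declares which Vault entry becomes which key of a
# native Kubernetes Secret, and how often it is re-synced.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: example-db-credentials
  namespace: example-app
spec:
  refreshInterval: 1h         # rotated values in Vault propagate within an hour
  secretStoreRef:
    name: example-vault-store
    kind: SecretStore
  target:
    name: example-db-credentials   # name of the generated Kubernetes Secret
    creationPolicy: Owner          # Secret is deleted with the ExternalSecret
  data:
    - secretKey: DB_PASSWORD       # key inside the generated Secret
      remoteRef:
        key: example-app/db        # path under the KV mount in Vault
        property: password         # field within that Vault entry
```

The generated object is an ordinary Kubernetes Secret, so RBAC on the namespace and encryption at rest for etcd still determine who can read the value.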

Next Steps

Learn how to configure your secrets manager integration in the following articles: