Secure access keys and credentials are typical examples of secret properties. Once created and saved, a secret property value can never be unencrypted or read.

Creating a secret property

1. Log in to Automation Assembler with project administrator role privileges.
2. Go to Infrastructure > Administration > Secrets, and click New Secret.
3. Enter a unique property name for the secret, without spaces or special characters.

   The name is the visible identifier for the secret.

4. Scope the secret to the entire organization or to specific projects.

   To assign the secret to one or more projects, click Assign Projects, select your projects, and click Add.

   You can't associate a secret with the same project twice. You also can't associate two secrets with the same name with the entire organization.

5. Enter the secret value.

   When typing, the value is obscured by default, which protects it if the screen is shared.

   If needed, you can click the eye symbol to reveal and verify a value. After it is saved, a secret value becomes encrypted in the database and can never be re-exposed.

6. Optionally, enter a longer description of the secret property.
7. Click Create.

Adding a secret property to a cloud template

Project users may add a secret property as a binding in cloud template code.

Note that starting to type the '${secret. characters reveals a selection list of secrets that have been created for the project.

If two secrets with the same name but different values exist at the project level and at the organization level, the project secret takes precedence. The organization secret is not available for selection in the cloud template.

type: Cloud.Machine
properties:
  name: ourvm
  image: mint20
  flavor: small
  remoteAccess:
    authentication: publicPrivateKey
    sshKey: '${secret.ourPublicKey}'
    username: root

To add a secret property to a Terraform configuration, see Using a secret Automation Assembler property in a Terraform configuration.