API/Access management request

I need some way to allow an external program to update a single secret, but currently the granularity is only at the config level, not the individual secret level.

The reason is that I have a build system that must update the secret store with the current release tag, but that would mean placing a curl command into the build process with a lot of people being able to see the authentication string and so gaining access to all the secrets in the config.

I can currently work around the issue by just having a defined Workplace/Project/Environment with many configs, each with a single secret and so an issued R/W Service Token for each secret, but I consider that an abuse of the platform even if I manage to stay under your limits/radar. Or if you consider such a configuration (within limits) valid please just let me know.

Hi @rit001,

Unfortunately, there’s no way to limit access at that granular a level right now. Probably your best option is what you described. Move the subset of secrets you need the build system to update into a separate config and issue a service token specifically for that config. You can then use secret referencing to have those values in any of the other configs for the project. Doing something like this is definitely not considered abuse, so feel free to do so!

Let me know if you have any additional questions surrounding this!