API/Access management request

rit001 · April 27, 2022, 3:40pm

I need some way to allow an external program to update a single secret, but currently the granularity is only at the config level, not the individual secret level.

The reason is that I have a build system that must update the secret store with the current release tag, but that would mean placing a curl command into the build process with a lot of people being able to see the authentication string and so gaining access to all the secrets in the config.

I can currently work around the issue by just having a defined Workplace/Project/Environment with many configs, each with a single secret and so an issued R/W Service Token for each secret, but I consider that an abuse of the platform even if I manage to stay under your limits/radar. Or if you consider such a configuration (within limits) valid please just let me know.

watsonian · April 27, 2022, 3:51pm

Hi @rit001,

Unfortunately, there’s no way to limit access at that granular a level right now. Probably your best option is what you described. Move the subset of secrets you need the build system to update into a separate config and issue a service token specifically for that config. You can then use secret referencing to have those values in any of the other configs for the project. Doing something like this is definitely not considered abuse, so feel free to do so!

Let me know if you have any additional questions surrounding this!

Thanks,
-Joel

Topic		Replies	Views
How to protect referenced secrets from being seen Need Help	5	612	February 15, 2023
Updating referenced secret names updates references Feature Requests	5	830	September 4, 2024
Doppler Product Update For September ‘24 Announcements	0	24	September 27, 2024
Update Secrets API not working? Need Help	5	400	April 27, 2023
Approval Flow when setting/viewing secrets Feature Requests	4	838	October 3, 2024

API/Access management request

Related topics