Local secrets management¶

The management of local secrets, used by developers to replace Arkindex secrets when running workers locally, is also documented by the Arkindex documentation, with a troubleshooting section.

arkindex secrets $SECRET_NAME

Environment setup¶

To manage your local secrets, you need to inform the CLI of the text editor to use for the creation and edition of those secrets, and to have a GPG key set up for encryption and decryption.

Configure a text editor¶

Add export EDITOR=$EDITOR to your shell's startup script (~/.bashrc, ~/.profile, ~/.zshrc…), where $EDITOR is the command the CLI should run to open your text editor. For example, export EDITOR=vim will make the CLI use Vim, and export EDITOR=gedit will make it use gedit.

If no editor is setup, the command will use Vim by default.

Create a GPG key¶

You need a GPG key to encrypt and decrypt your local secrets. If you do not already have one set up, you can follow this tutorial to create one.

Managing local secrets¶

To create a new local secret, enter the following command:

arkindex secrets $SECRET_NAME

where $SECRET_NAME is the name under which you want to save your new secret. You will then be prompted to select a GPG key to use, by entering its ID; you can then type your secret, then save and close the file.

To edit an existing secret, enter the same command:

arkindex secrets $SECRET_NAME

where $SECRET_NAME is the name of the secret you want to edit. The GPG key you selected when creating this secret will be used, so you only have to type in your secret, then save and close the file.

The deletion of a secret is not handled by the CLI itself, but you can delete secrets by deleting the corresponding files in your ~/.config/arkindex/secrets/ folder.