Secrets
In the world of software development, safeguarding sensitive information is critical. Whether you're dealing with API keys, authentication tokens, or other confidential data, secrets play an important role in maintaining application security. In this article, you'll learn how to add and manage your secrets and how Replit handles secrets in a collaborative environment.
What are Secrets?
Secrets are encrypted variables you can store within your Repl to keep sensitive information safe. With APIs, databases, or other external services, secrets allow you to securely pass authentication credentials without exposing them directly in your code.
Login to Replit and create a Repl or open an existing one. In your workspace, navigate to the Tools pane and select Secrets, or in any pane, you can select the + and type Secrets. Now, you can create, edit, and manage your secrets here.
Encryption of Secrets
This section helps you understand how secrets are encrypted in Replit.
- Secrets data is encrypted with AES-256 at rest, and encryption keys are stored in a secure location that is protected by multiple layers of security.
- To help protect against key compromise, encryption keys are rotated regularly.
- Data in transit is encrypted using TLS. These measures safeguard your Secrets against breaches and vulnerabilities to ensure secure storage and protection.
Manage Secrets
This section helps you add new secrets, edit existing secrets, and access your secrets in your code. In your Repl workspace, navigate to the Tools pane and select Secrets.
Add Secrets
Use the + New Secret button to add new Secrets to your Repl. You can add the Secret Key, and Value of your choice and select Add Secret.
Edit Secrets
While you're on the Secrets tab, you can edit your secrets in two ways:
- Using the Ellipsis: Select the three dots next to the secret you want to change. Then, choose Edit to update the key or value.
- Edit as JSON: Select the Edit as JSON button at the top of the Secrets tab. This lets you edit multiple secrets at once. Once you're done, select Save.
If you don't see your secrets updated in your Repl, try reloading the page to ensure they appear.
Accessing Secrets
Secrets are accessed in your code as Environment Variables. Here are some examples of widely used programming languages:
Python
import os
print(os.getenv("MY_SECRET"))
JavaScript
console.log(process.env.MY_SECRET);
Java
System.out.println(System.getenv("MY_SECRET"))
The HTML/CSS/JS
Repls don't have Secrets since they are statically hosted.
Handling Secrets in a collaborative environment
This section helps you understand how secrets work when you're collaborating with others. Here's what you need to know:
Collaborators
If you invite a collaborator using a Join link, the collaborator will be able to see your Secret keys and also its values. This makes it easier for everyone to work together and share information.
If a member of your Organization joins your Repl as a collaborator, they will be able to see the secret values if they have the Owner
role on the Repl. If they are not an Owner
, the secret values will be hidden. While they are hidden from the UI, secrets are implemented as environment variables, so they are still accessible via commands.
Cover page visibility
Secrets are kept hidden on the Repl's cover page to protect your privacy and keep your information safe—only people you trust and give permission to can access and manage secrets within the Repl.
Fork from the cover page
When you fork a Repl from the cover page, you'll see the keys of the secrets but not their values.
Fork a Repl
When you fork a Repl that you own or are a collaborator on, you'll see the secret keys and values copied to the new Repl.
When you fork a Repl that you are not an owner or collaborator of, you'll receive the secret keys but not their corresponding values from the original Repl.
When you fork a Repl in your Orgnaization, if you have the Owner
role, you'll recieve the secret keys and values. If you do not have the Owner
role, you'll receive the secret keys but not their corresponding values from the original Repl.