pocketenv/secrets

Manage encrypted secrets attached to a sandbox.

Secrets are similar to environment variables but their values are write-only: the API never returns the stored value. Use them for API keys, passwords, and other sensitive data.

Types

Secret

</>

A secret stored in a sandbox. Only the name is exposed; the value is never returned.

pub type Secret {
  Secret(id: String, name: String, created_at: String)
}

Constructors

Secret(id: String, name: String, created_at: String)

Values

delete

</>

pub fn delete(
  sb: sandbox.ConnectedSandbox,
  id: String,
) -> Result(Nil, pocketenv.PocketenvError)

Deletes the secret identified by id.

list

</>

pub fn list(
  sb: sandbox.ConnectedSandbox,
  limit: option.Option(Int),
  offset: option.Option(Int),
) -> Result(List(Secret), pocketenv.PocketenvError)

Lists secret names for the sandbox. Optionally paginate with limit and offset.

Example

let assert Ok(secrets) = sb |> secrets.list(None, None)

put

</>

pub fn put(
  sb: sandbox.ConnectedSandbox,
  name: String,
  value: String,
) -> Result(Nil, pocketenv.PocketenvError)

Creates or updates a secret named name with value. The value is encrypted client-side with the server’s public key before transmission and is never returned by the API.

Example

let assert Ok(Nil) = sb |> secrets.put("DB_PASSWORD", "s3cr3t")

secret_decoder

</>

pub fn secret_decoder() -> decode.Decoder(Secret)

JSON decoder for Secret.