Manage Secrets
Scope: This page documents the Secrets dashboard found at
pages/client/[id]/secrets/index.vue. It explains how to create, update and review secret values for a client.
Purpose
Section titled “Purpose”The Secrets interface provides a client-scoped Vault where you can safely keep:
- API tokens (Slack, Discord, Segment …)
- Cloud credentials (AWS access keys, GCP service-account JSON …)
- Database passwords (PostgreSQL, Snowflake …)
Secrets are stored server-side using envelope-encryption and are never exposed in plaintext to the browser after creation.
Key Features
Section titled “Key Features”| Feature | Purpose |
|---|---|
| List View | Browse and search existing secrets |
| Create Secret | Add new secure credentials |
| Update Secret | Rotate existing values |
| Delete Secret | Remove obsolete credentials |
| Permissions | Role-based access control |
I created a secret but it doesn’t appear in my pipeline tasks
Section titled “I created a secret but it doesn’t appear in my pipeline tasks”• Make sure the pipeline run is using the latest client revision so the secret becomes available.
• For BigQuery JSON keys, remember to reference the file path returned by the secret accessor.
Can I export all secrets for backup?
Section titled “Can I export all secrets for backup?”For security reasons, the Vault API only supports single-secret retrieval on the server. We recommend storing credentials in your cloud provider’s secret manager and using Datablast as a runtime cache.
Is version history available?
Section titled “Is version history available?”A versioning API is on the roadmap ( Q4 2025 ). For now, rotate credentials by adding a new secret with a postfix ( e.g. _v2 ) and switching references.
Change Log
Section titled “Change Log”| Date | Author | Notes |
|---|---|---|
| 2025-07-07 | Docs Team | Initial version |