Permissions & Roles
The Secrets vault uses role-based access control to ensure secure management of sensitive credentials.
Access Matrix
| Role | View Secrets | Create | Update | Delete |
|---|---|---|---|---|
| Admin | ✅ | ✅ | ✅ | ✅ (API only) |
| User | ✅ | ❌ | ❌ | ❌ |
Role Resolution
User roles are resolved via useUserSession() and checked client-side before rendering privileged actions.
Security Implementation
- Client-Side Checks: UI elements are hidden based on permissions
- Server-Side Validation: All operations are validated on the backend
- Audit Trail: All secret operations are logged for security monitoring
Permission Details
View Secrets
- All Roles: Can see secret names in the list view
- Restriction: Secret values are never displayed to any role
Create Secrets
- Admin Only: Can add new secrets to the vault
- Validation: Names must be unique within the client scope
Update Secrets
- Admin Only: Can rotate existing secret values
- Protection: Secret names cannot be modified
Delete Secrets
- Admin Only: Can remove secrets (currently API-only)
- Future: UI confirmation will be added
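
The rules above enforced on the server side, as an added example that is not the project's own code. The `PERMISSIONS` map, the `SecretsVault` class and the session object (assumed to be built on the server from the authenticated session, never from a role the client sends) are hypothetical.

```javascript
// Added example; PERMISSIONS, SecretsVault and the session shape are hypothetical.
const PERMISSIONS = new Map([
  ["admin", new Set(["view", "create", "update", "delete"])],
  ["user", new Set(["view"])],
]);

class SecretsVault {
  constructor() {
    this.scopes = new Map(); // clientId -> Map(name -> value)
    this.auditLog = [];      // every attempt is recorded, allowed or denied
  }

  // Deny by default: unknown roles and unknown actions are rejected.
  authorize(session, action, name) {
    const allowed = PERMISSIONS.get(session.role)?.has(action) === true;
    this.auditLog.push({ userId: session.userId, clientId: session.clientId, action, name, allowed });
    if (!allowed) throw new Error("forbidden");
    if (!this.scopes.has(session.clientId)) this.scopes.set(session.clientId, new Map());
    return this.scopes.get(session.clientId);
  }

  // Names only: secret values are never returned to any role.
  list(session) {
    return [...this.authorize(session, "view", "*").keys()];
  }

  // Names must be unique within the caller's client scope.
  create(session, name, value) {
    const scope = this.authorize(session, "create", name);
    if (scope.has(name)) throw new Error("name already exists");
    scope.set(name, value);
  }

  // Rotation replaces the value; no code path renames a secret.
  update(session, name, newValue) {
    const scope = this.authorize(session, "update", name);
    if (!scope.has(name)) throw new Error("not found");
    scope.set(name, newValue);
  }

  remove(session, name) {
    const scope = this.authorize(session, "delete", name);
    if (!scope.delete(name)) throw new Error("not found");
  }
}
```

Because the audit entry is written before the permission decision is enforced, denied attempts appear in the log alongside successful ones.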