- English
- 日本語
Working with secret stores
Last updated 2024-05-10
Secret stores give you a secure location to place credentials so they are available to Compute services operating at the Fastly edge.
You can also create and work with secret stores via the API.
Prerequisites
Secret Store is only available for Fastly's Compute services, not for CDN (VCL-based) services.
Limitations and considerations
When creating or making changes to secret stores, keep the following things in mind:
- Trials for Compute include one secret store.
- Paid accounts include a minimum of 10 secrets regardless of the number of stores with additional secrets available for purchase.
- Secret store names can only contain letters, numbers, dashes, underscores, and periods.
- Secret stores support a maximum size of 64KB per secret.
- Secrets are limited to 5 secret reads per Compute request. To increase this limit contact Fastly Support.
- Secrets are limited to 1000 writes per month.
Creating a secret store
Creating a secret store requires you to create at least one key-value pair containing secrets and then associating the store with a service. To create a new secret store and add secrets, follow these steps:
- Log in to the Fastly web interface.
- Go to Resources > Secret stores.
- Click Create a secret store.
- Enter a name for the secret store and then click Add. The secret store you just created appears.
- Click Key-value pairs.
- Click Add item. A row appears where you can add secrets.
- In the Name field, enter a name for the secret.
- In the Secret field, enter the secret value. Alternatively, click Browse for file to upload a secrets file on your system using the file picker.
- Click Add.
- Click Add item to continue adding additional secrets as necessary.
Linking secret stores to a service
Once you've added at least one secret to a secret store, you can link it to a service from the Resources controls or from the service configuration for the service.
Using the Resources controls to link secret stores to a service
To link a secret store to a service from the Resources controls:
- Log in to the Fastly web interface.
Go to Resources > Secret stores.
Click Link to services to the right of the store you want to link.
Select the checkbox next to any services you want to link your secret store to and then click Next.
Decide which version of the service to link to. By default, the system will assume you want to clone the most recently active version of your service. You can choose an existing draft version of the service instead by selecting it specifically from the Version menu.
Select one of the following options for linking the store to your service:
- Link only: links the store to the selected service versions but leaves any cloned or draft versions un-activated so you can activate them at a later time.
- Link and activate: links the store to the selected service versions and activates those versions at the same time.
A success message appears once the secret store is linked to the service.
Finally, do one of the following:
- Click Activate versions to activate any cloned or draft versions of services linked to the secret store.
- Click Finish to leave the cloned or draft service versions un-activated so you can make additional configuration changes to them and activate them at a later time.
Using the service configuration to link secret stores to a service
To link a secret store to a service from the service configuration:
- Log in to the Fastly web interface.
- From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.
- Click Service configuration.
- From the Linked resources options in the on-page navigation, click Secret stores.
- From the Link Secret Store to service menu, select the secret store you want to link to the service. A success message appears indicating the store is linked to your service.
Unlinking secret stores
You can unlink a secret store from a service from the service configuration.
To unlink a secret store:
- Log in to the Fastly web interface.
- From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.
- Click Service configuration.
- From the Resources options in the on-page navigation, click Secret stores.
- Click Unlink from service next to the secret store you want to unlink from your service.
- Click Confirm and unlink. A new, draft version of the service is created.
- Activate the service to finalize unlinking the secret store.
Editing a secret store
You can edit the secrets within the story or add new secrets to the store from Resources > Secret stores. You can also access this page by clicking Edit in Resources when accessing a secret store from the service configuration.
To edit secrets within a store:
- Expand the Key-value pairs section.
- Hover your cursor over the entry you want to edit, then click the Edit link that appears.
- Update the secret value. Alternatively, click Browse for file to navigate to a file on your system using the file picker.
- Click Save.
To add new secrets to a secret store:
- Expand the Key-value pairs section.
- Under Key-value pairs, click Add item.
- Enter the name and secret in the appropriate columns and then click Add.
- Repeat for any additional secrets.
The changes you make will be immediately applied to your configuration including any deployed service versions associated with the secret store.
Deleting a secret store
You can delete a secret store at any time. Before deleting a secret store:
- Unlink the secret store from your services. If the secret store is linked to any service, an error will appear when you try to delete the store.
- Update any custom logic that references the key-value pairs in the secret store. Deleting a secret store also deletes all key-value pairs within the store.
To delete a secret store:
- Log in to the Fastly web interface.
- Go to Resources > Secret stores.
- Click the trash to the right of the store you want to delete.
- Click Confirm and delete.
Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.