
Platform Secrets Overview

You may need to create a platform secret in one of the following scenarios:

  • You're creating a cloud resource plan and the Terraform module is in a private repository.
  • You're creating a package and one of the following conditions applies:
    • The package definition is stored in a private repository.
    • Additional authentication is required for the package or its configuration to interact with external services, e.g. an API key for a monitoring agent.
  • You're using a cloud access Cloud Identity when not using Wayfinder's managed identity.

In each of the above scenarios, Wayfinder will need the details of the secret.


CLI Instructions

Use the wf create platformsecret [command] [flags] command to create a platform secret.

The interactive CLI command mode is currently unsupported for this feature, so you need to specify all the relevant flags.

See the following sections for details:


Web Interface Instructions

See each of the sections below for information on the different steps needed to create a platform secret using Wayfinder's web interface.


Specify General Details

Each platform secret requires a name and description.



Specify the Purpose

You must specify what the platform secret is going to be used for. You have the following choices:

  • Terraform Repo: Private repo for Terraform manifests. Used with Cloud Resources.
  • Helm Repo: Private repo for package Helm Charts. Used with package deployments.
  • Cloud Identity: Used for a cloud access Cloud Identity when not using Wayfinder's managed identity.
  • Package: Used when a package or configuration inside the package needs to interact with an external service or you need to provide additional secret data to a package, such as a licence key.

Specify the Scope

By default, a platform secret's availability is contextual to its purpose:

  • Terraform Repo: Available to all cloud resources
  • Helm Repo: Available to all package repositories
  • Cloud Identity: Available to all cloud identities
  • Packages: Available to all packages

Where needed, you can restrict access to the platform secret to only the specified Terraform repo, Helm repo, cloud identity or package.



Provide Values for your static credentials

Wayfinder supports values for the following static credentials:


Review your configuration

Wayfinder displays a table with a summary of the platform secret's configuration that you've provided.

This gives you an opportunity to review the details and make amendments as needed.



Apply the configuration

Wayfinder displays the YAML code for the configuration.

Choose your preferred method for applying the YAML:

  • Click Apply: Wayfinder applies the YAML immediately, which creates the platform secret.
  • Download the YAML: Save the YAML to a file, encrypt it and then check it into your CI.



What comes next?


  • See how to Create a Package