The OneOps Secrets Proxy is a proxy server that sits in front of a Keywhiz server used for secrets storage.
Secrets are any file resources that contain information that needs to be kept private and secure. Examples are:
- TLS/SSL certificate files/keys
- property files and other files containing usernames, passwords or access tokens
- API tokens
- Java KeyStore files
The Secrets Proxy understands the concepts and access configuration of OneOps and allows a user to store secrets in Keywhiz and access them in their OneOps assemblies via the secrets client component.
The source code and REST API documentation can be found on GitHub at https://github.com/oneops/secrets-proxy.
Currently, installation requires you to build the proxy from source and deploy it via a custom-generated OneOps assembly using one customlb platform with the necessary configuration.
In addition, a Keywhiz server installation is required for secret storage. This installation can be deployed with OneOps via a customlb platform or a similar approach, or run as a separate deployment outside OneOps.
Once the Secrets Proxy is installed and up and running, the cloud service with
secret has to be added to each cloud and configured to point at the
In addition, a cloud service with the type
certificate has to be configured on