The OneOps Secrets Proxy is a proxy server that sits in front of a
used for secrets storage.
Secrets are any file resources that contain information that needs to be kept
private and secure. Examples are
- TLS/SSL certificate files/keys
- property files and other files containing usernames, password or access tokens
- API tokens
- Java KeyStore files
The secrets proxy understand the concepts and access configuration
of OneOps and allows a user to store secrets in Keywhiz and access them in
their OneOps assemblies via the
secrets client component.
The source code and REST API documentation can be found on GitHub at
Currently installation requires you to build the proxy from source and deploy it
via a custom generated OneOps assembly using one customlb platform with the
In addition a Keywhiz server installation is required for the secret
storage. This installation can be using OneOps via a customlb platform or a
similar approach or use a separate deployment outside OneOps.
Once the Secrets Proxy is installed and up and running, the cloud service with
secret has to be added to each cloud and configured to point at the
In addition, a cloud service with the type
certificate has to be configured on