How to Manage Secrets¶
This guide explains how to use Peakhour's Secrets Management feature to securely store, view, and rotate sensitive information like API keys and passwords.
Before you begin: Review the Secrets Management Concepts to understand the security principles of this feature.
Accessing Secrets Management¶
- Navigate to your Account Dashboard.
- In the main navigation, under the "Edge Access" section, click on Service Tokens. Note: The navigation may vary; this feature is often grouped with other security settings.
Creating a New Secret¶
- Click the Create Secret button. This will open the "Create New Secret" modal.
- Secret Name: Enter a descriptive name for your secret (e.g., "Third-Party API Key for Analytics").
- Secret Type: Choose the type of secret you are creating.
API Key
,Password
,Certificate
: Select these if you are providing your own value.Generated
: Select this if you want Peakhour to create a secure, random value for you.
- Entity Type & ID: Associate the secret with an entity.
- Entity Type: Choose whether the secret belongs to an
Account
,Domain
, orUser
. - Entity ID: Enter the corresponding ID. For an account-level secret, this is typically your account ID.
- Entity Type: Choose whether the secret belongs to an
- Secret Value: If you chose a type other than
Generated
, paste the secret value here. This field will not be present forGenerated
secrets. - Expiration Date (Optional): You can set a date and time for the secret to automatically expire.
- Click Create Secret.
Viewing a Secret (One-Time Only)¶
Immediately after creating a secret, a modal will appear displaying its value.
Important: This is the only time the secret value will be shown. Copy it immediately and store it in a secure location (like a password manager or your application's secure configuration). You will not be able to retrieve it again.
- In the "Secret Value" modal, click the Copy icon to copy the secret to your clipboard.
- You can also click the Show/Hide (eye icon) button to toggle the visibility of the secret.
- Once you have securely stored the value, click Close.
Managing Existing Secrets¶
The main page displays a list of all your configured secrets.
Viewing Secret Details¶
- Click on any secret row in the list to expand it.
- This will show additional details like the secret's UUID, Entity Type, Entity ID, and last updated timestamp.
Rotating a Secret¶
Rotating a secret deactivates the old version and creates a new one. This is a crucial security practice.
- Find the secret you wish to rotate in the list.
- Click the Rotate button (circular arrows icon) in the "Actions" column.
- The "Rotate Secret" modal will appear.
- If the secret type requires a value (e.g.,
Password
), enter the New Secret Value. If it's aGenerated
secret, Peakhour will create the new value for you. - Click Rotate Secret.
- A modal will appear displaying the new secret value. Just like with creation, this is your only chance to see and save it.
Secret Status¶
Each secret in the list has a status:
- Active: The secret is valid and can be used.
- Inactive: The secret has been rotated and replaced by a newer version. It is no longer active.
- Expired: The secret has passed its expiration date.