Manage Configurations and Secrets¶
Choreo provides a seamless mechanism to manage and version your component's configurations and secrets as file mounts or environment variables.
Note
All configurations and secrets applied to a Choreo component are stored in an encrypted secret vault in the cloud data plane, which is managed by WSO2. If you are on a private data plane, the configurations and secrets are stored in an Azure key vault or AWS secret manager attached to your data plane in your cloud environment.
The difference between configurations and secrets¶
Choreo considers all configurations and secrets to be sensitive content when storing them, but gives you the option to choose between secret or configuration when you create a file mount or an environment variable.
- Secrets are write-only. Once you create a secret, you cannot see or retrieve its content via the Choreo Console. However, you can overwrite the existing content at any time.
-
Configurations can be read and updated via the Choreo Console after you create them.
Note
If you want to include sensitive data such as database passwords, cloud credentials, service accounts, and so on, the recommended approach is to use a secret instead of a configuration.
Apply a file mount to your container¶
Follow these steps to apply a file mount to a component you have created:
- Go to the Deploy view of the component for which you want to define configurations and secrets.
- Click Configs & Secrets and then click + Create.
-
In the Mount a Configuration pane, do the following:
- Select a Config Type depending on your requirement.
- Select File Mount as the Mount Type.
- Click Next.
-
In the Config Name field, specify a name for the file mount.
Tip
The configuration name does not affect the file mount or its content. It is only a reference to identify the configuration or secret you create.
-
In the Mount Path field, specify where to mount the file inside the container. Use an absolute file path with the file name and extension if applicable.
Tip
The file name in the mount path does not need to match the configuration name or the name of the file you upload.
-
Upload a configuration file or copy and paste the configuration content into the editor.
-
Click Create.
Note
Configurations and secrets are applied immediately to your environment on creation. The running replicas you have undergo a rolling restart to ensure the new content gets reflected in the container.
Apply environment variables to your container¶
Follow these steps to apply environment variables to a component you have created:
- Go to the Deploy view of the component for which you want to define configurations and secrets.
- Click Configs & Secrets and then click + Create.
-
In the Mount a Configuration pane, do the following:
- Select a Config Type depending on your requirement.
- Select Environment Variables as the Mount Type.
- Click Next.
-
In the Config Name field, specify a name.
Tip
The configuration name you specify does not affect the environment variables you set. It is only a reference to identify the configuration or secret you create.
-
Add the necessary environment variables as key-value pairs. You can click Add Item to add any number of environment variables.
-
Click Create.
Update an existing configuration or secret¶
Follow these steps to update a configuration or secret you have defined:
- Go to the Deploy view of the component for which you have defined the configuration or secret.
- Click Configs & Secrets.
- Click the edit icon corresponding to the configuration or secret you want to update and do the necessary changes.
-
Click Save.
Delete an existing configuration or secret¶
Follow these steps to delete a configuration or secret you have defined:
- Go to the Deploy view of the component for which you have defined the configuration or secret.
- Click Configs & Secrets.
- Click the delete icon corresponding to the configuration or secret you want to delete, and enter the name of the configuration or secret.
- Click Confirm.
Manage Ballerina configurables¶
Choreo manages the Ballerina configurables for the Ballerina components you create.
When you deploy or promote a Ballerina application, you can modify the Ballerina configurables via the Build and Deploy page.
Tip
You can use configurables instead of environment variables to add file mounts to a Ballerina component. Environment variables are primarily for components written in other languages.