2.9 KiB
2.9 KiB
description
| description |
|---|
| beOS Pro secrets management system principles, detailing vault items, credentials, secrets and integration credentials classification. Explains sensitive data storage strategies. |
Secrets
beOS Pro categorizes secrets based on usage scenarios and employs various management techniques.
| Data Type | Storage Location | Leak Risk | Usage | |
|---|---|---|---|---|
| Vault items | Includes website and database passwords, blockchain private keys, etc. |
Vault | Encrypted data in beOS Pro ensures that third parties cannot view even upon logging in | Each use requires a signature from beOS Pro app |
| Credentials | System access credentials obtained post-secure authentication: Tokens, Cookies, etc. |
Infisical | Viewable by third parties post-authentication in beOS Pro by following specific steps | Available to applications through an API after obtaining Provider permissions |
| Secret | Sensitive data used in Pod containers, like database connections and admin accounts |
ETCD | Directly visible in Control Hub | Used in Helm deployment templates; secret values are injected into environment variables via valueFrom -> secretKeyRef |
Integration credential
Users can enable applications within beOS Pro to access external service credentials by logging into third-party service accounts through Settings. Examples include:
- Logging in to Remote Space allows the backup service to request tokens for automated backend backups.
- Logging into Google enables Files to synchronize with data from Google Drive.
Applications in beOS Pro can retrieve these third-party service credentials via the Service Provider.
Application credential
- Applications within beOS Pro can manage and utilize credentials via system-provided interfaces.
- Credentials generated by an application are exclusively restricted to that application's use.