Secrets Manager

Lineserve Secrets Manager provides a secure way to store, manage, and access sensitive information like API keys, passwords, certificates, and other secrets used by your applications and infrastructure.

Overview

Secrets Manager helps you:

  • Centralize Secret Storage: Store all your secrets in one secure location
  • Control Access: Fine-grained access control with IAM policies
  • Audit Access: Track who accessed which secrets and when
  • Rotate Secrets: Automatic and manual secret rotation capabilities
  • Integrate Easily: Native integration with VPS, Kubernetes, and applications

Key Features

🔐 Secure Storage

  • AES-256 encryption at rest
  • TLS encryption in transit
  • Hardware security modules (HSM) backing
  • Zero-knowledge architecture

🎯 Access Control

  • Role-based access control (RBAC)
  • Time-limited access tokens
  • IP address restrictions
  • Multi-factor authentication support

🔄 Secret Rotation

  • Automatic rotation for supported services
  • Custom rotation functions
  • Rotation scheduling and notifications
  • Version history and rollback

📊 Monitoring & Auditing

  • Access logs and audit trails
  • Real-time monitoring and alerts
  • Compliance reporting
  • Integration with monitoring tools

Getting Started

Creating Your First Secret

  1. Navigate to Secrets Manager in your Lineserve dashboard

  2. Click "Create Secret"

  3. Choose Secret Type:

    • Database credentials
    • API keys
    • Certificates
    • Custom key-value pairs
  4. Configure the Secret:

    {
      "name": "database-credentials",
      "description": "Production database credentials",
      "type": "database",
      "value": {
        "username": "admin",
        "password": "secure-password-123",
        "host": "db.lineserve.com",
        "port": 5432
      }
    }

  5. Set Access Policies

  6. Enable Rotation (optional)

Accessing Secrets

Via API

curl -X GET \
  https://api.lineserve.com/v1/secrets/database-credentials \
  -H "Authorization: Bearer YOUR_API_TOKEN"

Via CLI

lineserve secrets get database-credentials

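In Applications

// Node.js example
const { LineserveSecrets } = require('@lineserve/secrets');

const secrets = new LineserveSecrets({
  apiKey: process.env.LINESERVE_API_KEY
});

// CommonJS modules do not allow top-level await, so fetch inside an async function
async function main() {
  const dbCredentials = await secrets.get('database-credentials');
  // Use dbCredentials to open the database connection; avoid logging its contents
}

main().catch((err) => {
  console.error('Failed to load secret:', err.message); process.exitCode = 1;
});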

Secret Types

Database Credentials

Store database connection strings, usernames, and passwords with automatic rotation support.

API Keys

Manage third-party API keys with usage tracking and automatic renewal.

SSL/TLS Certificates

Store and manage certificates with expiration monitoring and auto-renewal.

Custom Secrets

Store any key-value pairs for application configuration and sensitive data.

Access Management

Creating Access Policies

{
  "name": "production-app-policy",
  "effect": "Allow",
  "actions": [
    "secrets:GetSecret",
    "secrets:ListSecrets"
  ],
  "resources": [
    "arn:lineserve:secrets:*:*:secret/production/*"
  ],
  "conditions": {
    "IpAddress": {
      "lineserve:SourceIp": ["10.0.0.0/8"]
    }
  }
}
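
To trace why a request would be allowed or denied under a policy like the one above, the following added example (not Lineserve code) dry-runs the policy locally in Node.js. The matching rules are assumptions: `*` in a resource matches any characters, and lineserve:SourceIp entries are IPv4 CIDR ranges.

```javascript
// Added example: dry-run a request against the policy shown on this page.
// Assumed semantics (not confirmed by the Lineserve docs): '*' in a resource
// matches any characters; lineserve:SourceIp values are IPv4 CIDR ranges.
const policy = {
  name: 'production-app-policy',
  effect: 'Allow',
  actions: ['secrets:GetSecret', 'secrets:ListSecrets'],
  resources: ['arn:lineserve:secrets:*:*:secret/production/*'],
  conditions: { IpAddress: { 'lineserve:SourceIp': ['10.0.0.0/8'] } },
};

function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

function inCidr(ip, cidr) {
  const [base, bitsStr] = String(cidr).split('/');
  // Reject a missing or empty prefix length instead of treating it as /0.
  if (!/^\d{1,2}$/.test(bitsStr ?? '') || Number(bitsStr) > 32) return false;
  const ipN = ipv4ToInt(ip);
  const baseN = ipv4ToInt(base);
  if (ipN === null || baseN === null) return false;
  const size = 2 ** (32 - Number(bitsStr)); // addresses per block
  return Math.floor(ipN / size) === Math.floor(baseN / size);
}

function globMatch(pattern, value) {
  const esc = (s) => s.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + pattern.split('*').map(esc).join('.*') + '$').test(value);
}

// Returns the first failing check so an "Access Denied" can be traced to its cause.
function evaluate(pol, req) {
  const deny = (reason) => ({ allowed: false, reason });
  if (pol.effect !== 'Allow') return deny('effect is not Allow');
  if (!pol.actions.includes(req.action)) return deny('action not granted');
  if (!pol.resources.some((r) => globMatch(r, req.resource))) return deny('resource out of scope');
  const cidrs = pol.conditions?.IpAddress?.['lineserve:SourceIp'];
  if (cidrs && !cidrs.some((c) => inCidr(req.sourceIp, c))) return deny('source IP not allowed');
  return { allowed: true, reason: 'all checks passed' };
}
```

Call `evaluate(policy, { action, resource, sourceIp })` with the values from a denied request; the `reason` field names the first check that failed.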

Role-Based Access

  • Admin: Full access to all secrets
  • Developer: Read access to development secrets
  • Application: Limited access to specific secrets
  • Auditor: Read-only access for compliance

Secret Rotation

Automatic Rotation

Supported for:

  • Database passwords
  • API keys (where supported by provider)
  • Service account tokens

Manual Rotation

# Rotate a secret manually
lineserve secrets rotate database-credentials

# Schedule rotation
lineserve secrets schedule-rotation database-credentials --interval 30d

Integration Examples

With VPS Instances

# Install secrets agent on VPS (-f makes curl fail on HTTP errors instead of piping an error page to bash)
curl -fsSL https://get.lineserve.com/secrets-agent | bash

# Configure agent; umask 077 creates the file readable only by its owner
(umask 077; echo "LINESERVE_API_KEY=your-api-key" > /etc/lineserve/secrets-agent.conf)

# Access secrets in applications
export DB_PASSWORD="$(lineserve-secrets get database-credentials --field password)"

With Kubernetes

apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
  annotations:
    lineserve.com/secret-name: "production/app-config"
type: Opaque
data:
  # Automatically populated by Lineserve Secrets Controller

With Docker

# Use secrets in Docker containers
FROM node:18
COPY . .
RUN npm install

# Secrets injected at runtime
CMD ["node", "app.js"]

Pricing

Feature         | Free Tier | Pro       | Enterprise
Secrets         | 10        | 1,000     | Unlimited
API Calls/month | 1,000     | 100,000   | Unlimited
Rotation        | Manual    | Automatic | Advanced
Support         | Community | Email     | 24/7 Phone
Price           | Free      | $10/month | Custom

Security & Compliance

  • SOC 2 Type II certified
  • ISO 27001 compliant
  • GDPR compliant
  • HIPAA eligible
  • PCI DSS Level 1

Best Practices

Secret Naming

  • Use descriptive, hierarchical names
  • Include environment prefixes
  • Follow consistent naming conventions

Access Control

  • Apply principle of least privilege
  • Use temporary credentials when possible
  • Regularly audit access permissions

Rotation Strategy

  • Enable automatic rotation for critical secrets
  • Test rotation procedures regularly
  • Monitor rotation failures

Troubleshooting

Common Issues

Secret Not Found

  • Verify secret name and path
  • Check access permissions
  • Ensure secret exists in correct region

Access Denied

  • Review IAM policies
  • Check API key permissions
  • Verify IP restrictions

Rotation Failures

  • Check service connectivity
  • Verify rotation function code
  • Review error logs

API Reference

Authentication

All API requests require authentication via API key or IAM role.

Endpoints

Get Secret

GET /v1/secrets/{secret-name}

Create Secret

POST /v1/secrets

Update Secret

PUT /v1/secrets/{secret-name}

Delete Secret

DELETE /v1/secrets/{secret-name}

List Secrets

GET /v1/secrets

Next Steps