Don’t tell anyone! Introducing secrets in Altis Cloud

Posted by Ryan McCue

Product Director

Published in Dev

Hey, come here a minute… want to know a secret? Well, you can’t! Altis now has the ability to securely store secrets like API tokens, backed by our world-class secure infrastructure.

Keeping sensitive information safe has always been a challenge for developers—especially when it comes to securely managing secrets like API tokens, access keys, and other credentials. That’s why Altis Cloud has launched a brand new secrets and variables manager, making it easier for teams to store these secrets securely, outside of their codebases, and manage them effortlessly.

A powerful collaboration with NerdWallet

Developed in partnership with launch customer NerdWallet, this feature was designed to meet real-world demands for a secure, efficient secrets management solution. With Altis Cloud, you can create and manage variables and secrets within the Altis Dashboard, making them accessible only when required—keeping them safe from unintended exposure and unauthorised access.

Here’s what the new feature offers:

  • Secrets: Sensitive values like API tokens and keys, encrypted and only accessible to authorised processes.
  • Variables: Non-sensitive configuration settings that can be viewed and managed by the entire team.

What are secrets for?

Many teams rely on API tokens, authentication keys, and configuration variables to connect to third-party services or control internal application features. Traditionally, this data is stored directly in codebases or configuration files, which can create significant security risks, especially if it’s stored in plaintext. A leak, accidental commit, or unauthorised access could expose these keys, potentially compromising applications and user data.

Altis Cloud’s secrets manager eliminates these risks by storing sensitive information in a secure, encrypted infrastructure separate from the application codebase. This approach aligns with the 12-Factor App methodology, separating sensitive data from your application code and reducing the risk of data leaks.

Developers can now set up keys for external services and toggle configurations without modifying the codebase. This is particularly useful for build processes (e.g. authentication keys for Composer) and runtime environments (e.g. API tokens for external services).

By keeping secrets and variables outside the codebase, Altis Cloud minimises security risks and makes it easier for teams to comply with best practices for secure development.

Secrets behind the scenes

Under the hood, we store variables and secrets in purpose-designed infrastructure which keeps data safe. This data is stored and encrypted with the same per-customer hardware security modules (HSMs) we use to encrypt customer databases and internal authentication keys.

These secrets are never stored in plaintext, never written to the filesystem, and are only loaded into memory when needed during the build process and when containers are launched, minimising exposure.

Changes to secrets and variables apply as soon as you deploy, without needing any codebase changes. This lets you use non-secret variables to toggle feature flags or set global configuration.

Available now for everyone

We developed variables and secrets alongside Altis v20, and they’re now available to all customers who have upgraded. We’ve got brand new documentation on how to use them, as well as specific docs on how to use them in your build scripts for private dependencies.

We’re excited to see what you all build with these tools!

Unlock Secrets for your team – get in touch to explore Altis Cloud today.