NavigationContentFooter
Jump toSuggest an edit

How to reference secrets in Serverless Jobs

Reviewed on 27 October 2024Published on 27 October 2024

Serverless Jobs seamlessly integrates with Secret Manager, which allows you to store, manage, and access sensitive information, such as credentials, SSH keys, SSL/TLS certificates, or any key/value pairs you need to secure.

You can reference any secret stored in Secret Manager in a job, without having to hardcode any sensitive data.

A job run accesses each secret at startup, and each access generates a call to the Secret Manager API, which is billed accordingly. Refer to the Secret Manager pricing for more information.

Before you start

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization
  • Created a Serverless Job
  • Created a secret

Reference a secret in a job

  1. Click Jobs in the Serverless section of the side menu. The jobs page displays.

  2. Click the name of the job to which you want to add a secret, then open the Settings tab.

  3. In the Secrets references section, click + Add secret reference. A pop-up displays.

  4. Select the secret you want to reference, and the desired version, then click Select reference method.

  5. Select the desired reference method:

  • File: copies the encrypted value of your secret to a file stored at the indicated location within your container. This method is recommended for large or complex data. For example, if your secret is a certificate, you can store it as a file in the /my-certificates folder in your container.

  • Environment variable: passes the encrypted value of your secret to your job as a variable. This method is recommended for small pieces of information, such as passwords, or API secret keys. For example, if you name this variable MY_SECRET, calling $MY_SECRET in your container will return the value of the selected secret in a secure way.

  1. Click Add reference to add the secret to your Serverless Job. Optionally, tick the Add another reference to add a new secret right away, then repeat steps 4 to 6.

The secret is now referenced in your Serverless Job, and can be used within the container.

Update a secret reference from a job

  1. Click Jobs in the Serverless section of the side menu. The jobs page displays.

  2. Click the name of the job for which you want to update a secret, then open the Settings tab.

  3. In the Secret references section, click the «Edit Icon» icon next to the secret reference you want to update. A pop-up displays.

  4. Update the secret version if needed, then click Update to save your changes, or click Select reference method to continue.

  5. Either update the location of the file, or the name of the environment variable, then click Update reference to confirm your changes.

Note

You cannot change the reference method of an existing secret. You have to delete the secret reference within the job first, then create it again with the desired reference method.

Delete a secret reference from a job

  1. Click Jobs in the Serverless section of the side menu. The jobs page displays.

  2. Click the name of the job for which you want to delete a secret, then open the Settings tab.

  3. In the Secret references section, click the «Delete Icon» icon next to the secret reference you want to delete. A confirmation pop-up displays.

  4. Click Delete reference to confirm.

The secret is no longer referenced in your Serverless Job.

Note

Deleting a secret from the Settings tab of a job only deletes the secret reference, not the secret itself. To permanently delete a secret, follow this procedure.

See also
How to manage the scheduling of a jobHow to delete a job
API DocsScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCareers
© 2023-2024 – Scaleway