Secrets
Encrypted store for SSH keys and credentials.
Encrypted store for SSH private keys, bearer tokens, basic-auth pairs, and database credentials. Referenced by name from server records and custom HTTP tools.
Route: /secrets
Role gating: read for all; create / edit / delete require admin.
Storage model
Secrets are encrypted at rest using AES-256-GCM with the platform-wide
OREMEDY_ENCRYPTION_KEY. The encryption key never appears in the
database; it is loaded from the environment at boot and validated to be
exactly 32 bytes of hex.
Auth types
| Type | Stored fields |
|---|---|
private_key | Private key content, optional passphrase, username |
bearer_token | Token value |
basic_auth | Username, password |
api_key | API key value, optional header name |
database | Connection URL or user / password / host / port / db |
Table columns
- Name.
- Auth type.
- Last used timestamp.
- Edit / Delete buttons.
Actions
- Create / edit via modal. Type-specific fields render based on the auth type selected.
- Delete. Cascades to references; servers and tools that referenced the secret will fail their next operation until reassigned.