AIARCOASC Docs

Secrets

Encrypted secret store, scoped per project, mounted into functions, pods and workspaces.

What it is

Secrets stores small (≤64 KiB) sensitive values — API keys, DB passwords, certificates. Encrypted at rest with project-scoped keys. Mounted into pods/functions either as env vars or as files; never returned in plaintext through the read API after creation (only references).

When to use it

  • Don't put credentials in container images or YAML.
  • Rotate without redeploying.
  • Audit every read.

Quickstart

asc secrets put DB_PASSWORD --value 's3cr3t'
asc pods run --image my/api --env-from-secret DB_PASSWORD
client.secrets.put('DB_PASSWORD', value='s3cr3t')
client.pods.run(image='my/api', env_from_secrets=['DB_PASSWORD'])
await client.secrets.put('DB_PASSWORD', { value: 's3cr3t' });

Limits & quotas

LimitDefaultBurstNotes
Max value64 KiB
Per project10,000
AuditRead & write365 days

Pricing

See pricing. Pay-as-you-go, billed monthly via Stripe.

API surface

  • PUT /v1/secrets/{name}
  • POST /v1/secrets/{name}/reveal (admin-scope)

Required scope(s): secrets:read, secrets:write. See Scopes.

Security

All access is authenticated and scoped. See Auth & scopes and Network controls.