Secrets Backend Integration
Facets supports multiple secret storage backends depending on your cloud provider:
AWS Secrets Manager
Default for AWS-based deployments. Secrets are stored in AWS Secrets Manager with:
- Automatic encryption at rest
- IAM-based access control
- Cross-region replication support
Google Cloud Secret Manager
Default for GCP-based deployments. Supports three replication modes:
| Mode | Description |
|---|---|
| AUTOMATIC_REPLICATION | Google manages replication across regions (default) |
| USER_MANAGED_REPLICATION | You specify which regions to replicate to |
| REGIONAL | Secrets stored in a single region only |
OpenBao (HashiCorp Vault Compatible)
For self-hosted or multi-cloud deployments:
- Compatible with HashiCorp Vault API
- On-premises secret storage option
- Custom secret engine support
Note: The secret backend is determined by your environment's cluster configuration. Contact your platform administrator to change backends.
Updated about 1 month ago