What is Secrets Management?

VantEdge provides secure, encrypted storage for sensitive information like API keys, database passwords, and service credentials. Secrets are stored in cloud-native secret managers (AWS Secrets Manager, GCP Secret Manager) and automatically injected into your deployments.

Key Features

🔒 Cloud-Native Security
Secrets stored in your cloud provider's managed services with encryption at rest and in transit. No secrets stored on VantEdge infrastructure.
👥 Role-Based Access
Workspace-level isolation with granular permissions. Only admins and owners can retrieve secret values; members can create and reference secrets without seeing actual values.
🔄 Automatic Injection
Secrets automatically injected into agent deployments, model containers, and applications as environment variables or mounted files.
📊 Complete Audit Trail
Every secret access, creation, and modification is logged for compliance and security monitoring.

Secret Types

API Tokens
Service-specific API keys for OpenAI, HuggingFace, Anthropic, and other platforms.
Database Credentials
Connection strings, passwords, and authentication details for PostgreSQL, MongoDB, Redis, and other data stores.
Service Credentials
OAuth tokens, JWT secrets, and other service authentication credentials.
Generic Secrets
Any sensitive configuration values, encryption keys, or custom credentials.

Creating Secrets

# Example secret configuration
name: "openai-api-key"
type: "api-token"
value: "sk-proj-..."
description: "OpenAI API key for GPT-4 models"
workspace: "production"

Secrets are created through the platform UI or API and immediately encrypted in your cloud provider's secret manager.

Using Secrets in Deployments

Environment Variables
# Automatic injection into containers
env:
  - name: OPENAI_API_KEY
    valueFrom:
      secretKeyRef:
        name: openai-api-key

  - name: DATABASE_URL
    valueFrom:
      secretKeyRef:
        name: postgres-connection

File Mounts
# Mount secrets as files
volumes:
  - name: api-credentials
    secret:
      secretName: service-account-key
volumeMounts:
  - name: api-credentials
    mountPath: /etc/secrets
    readOnly: true

Deployments automatically receive the latest secret values without manual updates.
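
A consumer-side loader for the two injection paths above, added here as an example (not VantEdge code). It assumes each mounted secret is a single file named after the secret under the `/etc/secrets` mountPath; `read_secret`, `redact` and `SecretError` are hypothetical names.

```python
import os
import stat
from pathlib import Path

SECRETS_DIR = Path("/etc/secrets")  # mountPath from the File Mounts example


class SecretError(RuntimeError):
    """Raised when a secret is missing or its mount looks unsafe."""


def read_secret(name, env_var=None, secrets_dir=SECRETS_DIR):
    """Return a secret from its mounted file, else from an injected env var.

    Assumption: each mounted secret is one file named after the secret.
    The file is re-read on every call, so an updated mount is picked up;
    an environment variable stays fixed for the life of the process.
    """
    # Only plain file names are accepted, so "../x" cannot leave the mount.
    if name in ("", "..") or Path(name).name != name:
        raise SecretError(f"invalid secret name: {name!r}")
    path = Path(secrets_dir) / name
    if path.is_file():
        mode = stat.S_IMODE(path.stat().st_mode)
        # A file that group or others can write may have been tampered with.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise SecretError(f"{path} is writable by others (mode {mode:o})")
        value = path.read_text(encoding="utf-8").rstrip("\r\n")
    else:
        value = os.environ.get(env_var, "") if env_var else ""
    if not value:
        # Fail closed; the message names the secret, never its value.
        raise SecretError(f"secret {name!r} is not available")
    return value


def redact(value, keep=4):
    """Masked form for logs: a short prefix at most, never the full value."""
    return (value[:keep] if len(value) > 2 * keep else "") + "*" * 8
```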

Permission Model

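| Role   | Create | View List | Retrieve Values | Update | Delete |
|--------|--------|-----------|-----------------|--------|--------|
| Viewer | ❌     | ✅        | ❌              | ❌     | ❌     |
| Member | ✅     | ✅        | ❌              | ✅     | ✅     |
| Admin  | ✅     | ✅        | ✅              | ✅     | ✅     |
| Owner  | ✅     | ✅        | ✅              | ✅     | ✅     |

Security Features: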
  • Write-only by default (values hidden after creation)
  • Admin-only value retrieval prevents accidental exposure
  • Complete audit logging tracks all access
  • Encryption using cloud provider services

Workspace Isolation

Organization: "AI Startup"
├── Workspace: "Production"
│   ├── openai-api-key (prod key)
│   ├── database-password (prod DB)
│   └── stripe-api-key (live mode)
└── Workspace: "Development"
    ├── openai-dev-key (dev key)
    ├── test-db-password (dev DB)
    └── stripe-test-key (test mode)

Secrets in different workspaces are completely isolated; no cross-workspace access is possible.

Integration with Deployments

Secrets automatically integrate with:
  • Agent deployments for API access and authentication
  • Model deployments for inference service credentials
  • Data sources for database and storage authentication
  • Tool integrations for Slack, Gmail, and other services
Reference secrets by name in your deployment configurations, and VantEdge handles the secure injection automatically.

Cloud Provider Support

AWS Secrets Manager
Encryption with AWS KMS, IAM-based access control, automatic rotation support, and multi-region replication.
Google Cloud Secret Manager
Google-managed encryption keys, IAM policies, version management, and global access.
Azure Key Vault
Coming soon with Azure Active Directory integration and FIPS 140-2 compliance.

Secrets Management provides secure credential storage with automatic injection into your AI deployments, ensuring sensitive data is protected while remaining accessible to authorized applications.