initial commit
This commit is contained in:
+81
@@ -0,0 +1,81 @@
|
||||
# Secrets
|
||||
|
||||
The Secrets tool tracks expiry dates for API tokens, SSL certificates, passwords, and any other time-sensitive credentials. It provides in-app status indicators and daily Gotify notifications when secrets are about to expire or have already expired.
|
||||
|
||||
---
|
||||
|
||||
## Accessing the tool
|
||||
|
||||
Navigate to **🔑 Secrets** in the sidebar under the **Tools** section.
|
||||
|
||||
---
|
||||
|
||||
## Secret fields
|
||||
|
||||
| Field | Required | Description |
|
||||
|-------|----------|-------------|
|
||||
| Name | Yes | A clear identifier, e.g. `Cloudflare API Token` |
|
||||
| Type | Yes | One of: API Token, SSL Certificate, Password, Generic |
|
||||
| Description | No | What the secret is used for |
|
||||
| Expiry Date | Yes | The date the secret expires |
|
||||
| Warn (days before) | Yes | How many days before expiry to start showing a warning. Defaults to 30. |
|
||||
| Notes | No | Any additional free-text notes |
|
||||
|
||||
---
|
||||
|
||||
## Status indicators
|
||||
|
||||
Each secret is assigned a status based on the current date and its warning threshold:
|
||||
|
||||
| Status | Meaning |
|
||||
|--------|---------|
|
||||
| **OK** (green) | Expiry is further away than the warning threshold |
|
||||
| **Expiring** (amber) | Expiry is within the warning window |
|
||||
| **Expired** (red) | The expiry date has passed |
|
||||
|
||||
The Days Left column shows how many days remain, or how many days ago the secret expired (shown as `Xd ago`).
|
||||
|
||||
---
|
||||
|
||||
## Filtering
|
||||
|
||||
Use the filter bar to search by name or description. The status dropdown lets you view only expired, expiring, or OK secrets.
|
||||
|
||||
---
|
||||
|
||||
## Notifications
|
||||
|
||||
Sloth Manager checks for expiring and expired secrets once per day at **08:00** and sends a single Gotify notification listing all secrets that need attention. The check also runs once when the backend starts, but only if it has not already run today — so restarting the backend will not spam notifications.
|
||||
|
||||
Notifications require Gotify to be configured and enabled in **⚙️ Settings → Notifications**.
|
||||
|
||||
Example notification:
|
||||
|
||||
```
|
||||
🦥 Sloth Manager — Secrets Alert
|
||||
|
||||
2 secrets need attention:
|
||||
|
||||
✕ EXPIRED — Azure Client Secret
|
||||
⚠ 12d left — SSL Certificate (example.com)
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Audit log
|
||||
|
||||
All secret changes (add, update, delete) are recorded in **📋 Audit Log** under the category **Secret**.
|
||||
|
||||
---
|
||||
|
||||
## Export
|
||||
|
||||
Press **⬇ Export CSV** to download the current (filtered) list of secrets as a CSV file. The export includes name, type, description, expiry date, warning days, status, days left, and notes.
|
||||
|
||||
---
|
||||
|
||||
## Data storage
|
||||
|
||||
Secrets are stored in `backend/secrets.json`. This file is created automatically on first use. The path can be overridden with the `SECRETS_PATH` environment variable — see `ENVIRONMENT.md` for details.
|
||||
|
||||
> **Note:** Secret values themselves (e.g. the actual token or password) are not stored — only metadata such as the name, type, and expiry date.
|
||||
Reference in New Issue
Block a user