bobban/sloth-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
sloth-manager/SECRETS.md
T
bobban d2a8072a47 initial commit
2026-06-02 01:00:27 +02:00

2.7 KiB
Raw Permalink Blame History

Secrets

The Secrets tool tracks expiry dates for API tokens, SSL certificates, passwords, and any other time-sensitive credentials. It provides in-app status indicators and daily Gotify notifications when secrets are about to expire or have already expired.

Accessing the tool

Navigate to 🔑 Secrets in the sidebar under the Tools section.

Secret fields

Field Required Description
Name Yes A clear identifier, e.g. Cloudflare API Token
Type Yes One of: API Token, SSL Certificate, Password, Generic
Description No What the secret is used for
Expiry Date Yes The date the secret expires
Warn (days before) Yes How many days before expiry to start showing a warning. Defaults to 30.
Notes No Any additional free-text notes

Status indicators

Each secret is assigned a status based on the current date and its warning threshold:

Status Meaning
OK (green) Expiry is further away than the warning threshold
Expiring (amber) Expiry is within the warning window
Expired (red) The expiry date has passed

The Days Left column shows how many days remain, or how many days ago the secret expired (shown as Xd ago).

Filtering

Use the filter bar to search by name or description. The status dropdown lets you view only expired, expiring, or OK secrets.

Notifications

Sloth Manager checks for expiring and expired secrets once per day at 08:00 and sends a single Gotify notification listing all secrets that need attention. The check also runs once when the backend starts, but only if it has not already run today — so restarting the backend will not spam notifications.

Notifications require Gotify to be configured and enabled in ⚙️ Settings → Notifications.

Example notification:

🦥 Sloth Manager — Secrets Alert

2 secrets need attention:

✕ EXPIRED — Azure Client Secret
⚠ 12d left — SSL Certificate (example.com)

Audit log

All secret changes (add, update, delete) are recorded in 📋 Audit Log under the category Secret.

Export

Press ⬇ Export CSV to download the current (filtered) list of secrets as a CSV file. The export includes name, type, description, expiry date, warning days, status, days left, and notes.

Data storage

Secrets are stored in backend/secrets.json. This file is created automatically on first use. The path can be overridden with the SECRETS_PATH environment variable — see ENVIRONMENT.md for details.

Note: Secret values themselves (e.g. the actual token or password) are not stored — only metadata such as the name, type, and expiry date.

Reference in New Issue View Git Blame Copy Permalink