82 lines
2.7 KiB
Markdown
82 lines
2.7 KiB
Markdown
# Secrets
|
|
|
|
The Secrets tool tracks expiry dates for API tokens, SSL certificates, passwords, and any other time-sensitive credentials. It provides in-app status indicators and daily Gotify notifications when secrets are about to expire or have already expired.
|
|
|
|
---
|
|
|
|
## Accessing the tool
|
|
|
|
Navigate to **🔑 Secrets** in the sidebar under the **Tools** section.
|
|
|
|
---
|
|
|
|
## Secret fields
|
|
|
|
| Field | Required | Description |
|
|
|-------|----------|-------------|
|
|
| Name | Yes | A clear identifier, e.g. `Cloudflare API Token` |
|
|
| Type | Yes | One of: API Token, SSL Certificate, Password, Generic |
|
|
| Description | No | What the secret is used for |
|
|
| Expiry Date | Yes | The date the secret expires |
|
|
| Warn (days before) | Yes | How many days before expiry to start showing a warning. Defaults to 30. |
|
|
| Notes | No | Any additional free-text notes |
|
|
|
|
---
|
|
|
|
## Status indicators
|
|
|
|
Each secret is assigned a status based on the current date and its warning threshold:
|
|
|
|
| Status | Meaning |
|
|
|--------|---------|
|
|
| **OK** (green) | Expiry is further away than the warning threshold |
|
|
| **Expiring** (amber) | Expiry is within the warning window |
|
|
| **Expired** (red) | The expiry date has passed |
|
|
|
|
The Days Left column shows how many days remain, or how many days ago the secret expired (shown as `Xd ago`).
|
|
|
|
---
|
|
|
|
## Filtering
|
|
|
|
Use the filter bar to search by name or description. The status dropdown lets you view only expired, expiring, or OK secrets.
|
|
|
|
---
|
|
|
|
## Notifications
|
|
|
|
Sloth Manager checks for expiring and expired secrets once per day at **08:00** and sends a single Gotify notification listing all secrets that need attention. The check also runs once when the backend starts, but only if it has not already run today — so restarting the backend will not spam notifications.
|
|
|
|
Notifications require Gotify to be configured and enabled in **⚙️ Settings → Notifications**.
|
|
|
|
Example notification:
|
|
|
|
```
|
|
🦥 Sloth Manager — Secrets Alert
|
|
|
|
2 secrets need attention:
|
|
|
|
✕ EXPIRED — Azure Client Secret
|
|
⚠ 12d left — SSL Certificate (example.com)
|
|
```
|
|
|
|
---
|
|
|
|
## Audit log
|
|
|
|
All secret changes (add, update, delete) are recorded in **📋 Audit Log** under the category **Secret**.
|
|
|
|
---
|
|
|
|
## Export
|
|
|
|
Press **⬇ Export CSV** to download the current (filtered) list of secrets as a CSV file. The export includes name, type, description, expiry date, warning days, status, days left, and notes.
|
|
|
|
---
|
|
|
|
## Data storage
|
|
|
|
Secrets are stored in `backend/secrets.json`. This file is created automatically on first use. The path can be overridden with the `SECRETS_PATH` environment variable — see `ENVIRONMENT.md` for details.
|
|
|
|
> **Note:** Secret values themselves (e.g. the actual token or password) are not stored — only metadata such as the name, type, and expiry date.
|