Nextjournal can store your secrets safely, fully encrypted in a vault that’s separated from your notebooks. Stored secrets can be referenced in notebooks and shared between your collaborators. Here, we'll show you how.
How to add a secret
From your profile
In Nextjournal, secrets belong to a profile, so you will find all stored secrets on a profile’s settings page. Secrets that belong to a group profile can be used by all members of that group.
To add, or edit a secret from your profile, first go to your Settings from the dropdown of your avatar at the top right).
Then, click on Secrets, provide a Secret name and the Secret you want to save, and click on Add new secret:
That’s it! Now any of your notebooks can reference the secret.
From your notebook
You can also always add secrets from right where you want to use them, so no need to head to the profile page when you’re already in a notebook.
First, open the settings of the runtime for which you'd like to use the secret, clicking on the ⚙️ next to that runtime's name. Then, add your secret as an environment variable, or as a mount:
The choice depends on how you'd like to use it, let's see the section below for more details.
Using secrets in a notebook
As an environment variable
You may want to use a secret as an env variable, through the Environment Variables option in the runtime settings. After doing so, we can source the secret normally from the code cells of that runtime:
As a file
Sometimes, it will make more sense to store your secret as a file, e.g., for AWS credentials. Using the Mount option for the secret will add it as a file, accessible from the code cells associated to the runtime that we mounted it to. Here's how we do it here:
Hope that this helped you! If you have more questions, don't hesitate to reach out.