Security, Secrets & Data
Best practices for securing your applications on Helios.
Managing Secrets
Never hard-code secrets like API keys or database passwords in your code. Use Helios's built-in secrets management to store and inject them into your containers securely.
- Navigate to Secrets: Go to the Secrets section in your workspace.
- Add a Secret: Click "Add Secret" and enter your secret as a key-value pair.
- Reference in Deployment: In your deployment configuration, you can select the secrets to mount as environment variables in your container.
Always use a .gitignore file to exclude your secret files and never commit them to your repository. Leaked credentials are a major security risk.
Referencing Secrets in Deployments
Here is how you would reference a secret named API_KEY in your deployment configuration.
In the deployment UI, find the "Secrets" section and add a new variable. Set the name to API_KEY and the value to the secret you created.
# Example deployment.yaml
# (This is a conceptual example)
apiVersion: v1
kind: Deployment
metadata:
name: my-app
spec:
template:
spec:
containers:
- name: my-container
image: my-image
env:
- name: API_KEY
valueFrom:
secretKeyRef:
name: my-helios-secret
key: API_KEYData Persistence and Encryption
- Persistent Storage: Data stored in a container is ephemeral. For data that needs to persist, attach a persistent storage volume to your deployment. Learn more about persistent storage.
- Encryption at Rest: All data on persistent storage volumes is encrypted at rest by default.
- Encryption in Transit: All traffic to and from the Helios platform is encrypted using TLS.