On This Page

Home / Edge/ Securing· Manage Secrets and Keys·Create and Manage Secrets

Create and Manage Secrets in Cribl Edge

The Cribl Edge secrets store enables you to centrally manage secrets that Cribl Edge instances use to authenticate on integrated services. Use the Manage Secrets page to create and update authorization tokens, username/password combinations, and API‑key/secret‑key combinations for reuse across the application. These defined secrets can then be programmatically accessed and used within your Cribl Edge configurations using the C.Secret Function.

To ensure they can be decoded correctly, all secrets in Cribl Edge must use latin1 encryption.

Access Secrets

  • In a Single-instance deployment, select Settings > Security > Secrets.
  • In a Distributed deployment with one Fleet, select Configure > Settings > Security > Secrets.
  • In a Distributed deployment with multiple Fleets, secrets are managed on each Fleet. Select Fleet > <Name> > Fleet Settings > Security > Secrets.

On the Manage Secrets page, you can configure existing secrets, and/or click New Secret to define new secrets.

Add New Secret

The New Secret modal provides the following controls:

  • Secret name: Enter an arbitrary, unique name for this secret.

  • Secret type: Some options for this field expose additional controls, as described below.

  • Description: Optionally, enter a description summarizing the purpose of the secret.

  • Tags: Optionally, enter one or multiple tags related to this secret.

Secret Type

This drop-down offers the following types:

  • Text: This default type exposes a Value field where you directly enter the secret.

  • API key and secret key: Exposes API key and Secret key fields, used to retrieve the secret from a secure endpoint. This is the only secret type that Cribl Edge supports for its AWS-based Sources, Collectors, and Destinations, and its Google Cloud Storage Destination.

  • Username with password: Exposes Username and Password fields, which you fill to retrieve the secret using Basic Authentication.

Encrypt Secrets Using the Command Line

You also have the option to create and encrypt sensitive values using the same mechanism Cribl Edge employs internally for all sensitive fields. This ensures consistency and leverages the built-in encryption capabilities within Cribl Edge.

This approach allows you to store all your secrets securely in a password store, keeping them out of your Git repository, and adheres to strict organizational security standards that prohibit storing secrets in version control.

Modifying credentials directly through the Cribl Stream UI won’t be possible, even in development environments. This approach prioritizes security by keeping secrets out of the UI altogether.

For details, see Encrypt in the CLI Reference doc.