The secrets service allows task cluster clients with appropriate scopes to write secrets securely, and in such a way that each secret is tied to a scope. Further, scopes are used to limit the operations a particular client may perform on any secret they have been granted access to.
The service expects the following to run periodically (daily?) to flush expired secrets:
NODE_ENV=production node lib/main.js expire
From the project's base
yarn install then
No special configuration is required.
This service is deployed as a typical Heroku application. The scheduler add-on is used to run the expiration process (described above).
After deploying a new version of this service, open up the tools site and sign in. Using the "secrets" tool, make sure you can read some secret that you have access to (that is, one listed in the UI).
Service Owner: firstname.lastname@example.org