Setup & Integrations
...
Resolve Satellite
Secret Management
how the satellite uses secrets for security best practice, use secrets to pass in token values to the resolve satellite https //docs resolve ai/resolve satellite when you create a kubernetes secret, it gets stored in the cluster with base64 encoding for security the satellite automatically mounts these secrets as files in the pod at /etc/secrets/\<secret name>/ the raw secret value is never exposed to resolve's cloud, and stays strictly within the walls of your satellite deployment the secret is used to authenticate with on premises data sources, ensuring that no sensitive information is ever persisted in plain text within the cluster where the satellite is running step 1 create the kubernetes secret you can create secrets with one or more keys single key secret kubectl create secret generic \<secret name> from literal=\<key>="\<your token>" multiple key secret kubectl create secret generic \<secret name> \\ \ from literal=\<key1>="\<value1>" \\ \ from literal=\<key2>="\<value2>" resulting secret secret yaml apiversion v1 kind secret metadata name \<secret name> type opaque data \<key> \<value> # base64 encoded value step 2 configure integration in values yaml see the reference schema /reference schema md for integration specific connection parameters values yaml integrations \<integration name> type "\<integration type>" create true secretname \<secret name> connection \# see integration specific documentation for connection parameters step 3 deploy satellite the helm chart includes a file watcher that automatically detects integration updates, removing the need to manually restart the satellite after each change deploy helm upgrade i \<release name> \<chart path> values \<values file> example logz io integration create secret create logz io secret kubectl create secret generic logz token from literal=apitoken="your logz token" configure integration values yaml integrations logzio type "logzio" create true secretname logz token connection url api logz io verifying secrets check if your secret exists check secret kubectl get secret logz token verify secret contents (be careful with sensitive data) verify contents kubectl get secret logz token o jsonpath='{ data token}' | base64 d