
Secrets and SSH Keys

SSH Keys/Secrets are used to store private SSH keys and other sensitive data used in Commands and Files.

Note

A single entity is used for both types to employ a generic approach to sensitive data management.

Access Rules

Group    Action  Condition
User     -       No access
Manager  R       Any type: user is added in "Users" or "Managers"
Manager  R       Type is "SSH Key": user is added in "Users" or "Managers" in related Server
Manager  R       Type is "Secret"
Manager  CRU     Any type: user is added in "Managers"
Manager  CRU     Type is "SSH Key": user is added in "Managers" in related Server
Manager  CRUD    Any type: user is added in "Managers" and the record is created by the user
Manager  CRUD    Type is "SSH Key": user is added in "Managers" in related Server and the record is created by the user
Root     CRUD    Any record

Info

CRUD stands for Create, Read, Update, Delete.

SSH Keys/Secrets are located under the Cetmix Tower > Settings > Keys and Secrets menu.

Keys/Secrets

SSH Key

Used to store SSH private keys. They are selectable in Server settings.

Fields

SSH Key Form

Field           Description
Name            Readable name
Reference       Used for Odoo automation and YAML export/import. Leave blank to generate it automatically.
Reference Code  Complete reference code for inline usage in Commands and Files.
Key Type        Is "SSH Key" for this type of record.
Note            Put your notes here.

Notebook Tabs

Tab        Description
Key Value  Key value. Please check the note below for more information.
Used For   List of Servers where this SSH key is used
Access     Access Roles for this record for specific users.

Warning

Key Value is a write-only field. Please ensure that you have stored your key elsewhere before saving the record. Once saved, the value becomes inaccessible from the user interface.

Secret

Used to store sensitive information that can be used inline in commands, e.g., a token or a password. Secrets cannot be previewed in command preview and are replaced with a placeholder in Command logs.

Secret Form

Field           Description
Name            Readable name
Reference       Used for Odoo automation and YAML export/import. Leave blank to generate it automatically.
Reference Code  Complete reference code for inline usage in Commands and Files.
Key Type        Is "Secret" for this type of record.
Partner         Secret type only. If selected, this secret is used only for the selected partner Servers.
Server          Secret type only. If selected, this secret is used only for the selected Server.
Note            Put your notes here.

Notebook Tabs

Tab           Description
Secret Value  List of secret values. Values marked as "Global" are used if no partner or server is selected.
Access        Access Roles for this record for specific users.

Warning

Secret Value is a write-only field. Please ensure that you have stored your secret elsewhere before saving the record. Once saved, the value becomes inaccessible from the user interface.

Secret Value Priority

When a secret is parsed, its value is searched in the following order:

  1. Server and partner specific. Both "Server" and "Partner" fields match the current server and partner.
  2. Server specific. "Server" field matches the current server, "Partner" field is not set.
  3. Partner specific. "Partner" field matches the current partner, "Server" field is not set.
  4. Global. Both "Server" and "Partner" fields are not set.

Secrets are inserted inline in code using the following pattern: #!cxtower.secret.reference!#. It consists of three dot-separated parts and is terminated with a mandatory !# suffix:

  • #!cxtower is a special prefix that indicates that the following text is a Cetmix Tower secret.
  • secret is used to declare its type (secret).
  • reference is the Reference field value.

Example

Suppose we have a secret with the reference my_secret_dir and the value suchMuchFolder. In this case, the following command:

mkdir /home/#!cxtower.secret.my_secret_dir!#

will be executed as:

mkdir /home/suchMuchFolder
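
The following Python example is added here and is not Cetmix Tower's own code. It resolves a secret reference using the Secret Value Priority order above and renders a command twice: once for execution and once with the secret masked for logging. The SecretValue class, the *** log placeholder, the allowed reference characters, the handling of unknown references and the server and partner names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Pattern from the page: #!cxtower.secret.<reference>!#
# Assumption: references consist of letters, digits and underscores.
SECRET_RE = re.compile(r"#!cxtower\.secret\.([A-Za-z0-9_]+)!#")
MASK = "***"  # assumed log placeholder; the page does not say what Tower uses

@dataclass(frozen=True)
class SecretValue:  # hypothetical stand-in for one row of the "Secret Value" tab
    reference: str
    value: str
    server: Optional[str] = None
    partner: Optional[str] = None

# Constructed sample data, reusing the page's my_secret_dir example.
VALUES = [
    SecretValue("my_secret_dir", "suchMuchFolder"),                 # global
    SecretValue("my_secret_dir", "partnerFolder", partner="acme"),  # partner specific
    SecretValue("my_secret_dir", "serverFolder", server="web01"),   # server specific
]

def resolve(values, reference, server, partner):
    """Return the value for `reference` following the four-step priority order."""
    scopes = [
        (server, partner),  # 1. server and partner specific
        (server, None),     # 2. server specific
        (None, partner),    # 3. partner specific
        (None, None),       # 4. global
    ]
    for scope in scopes:
        for v in values:
            if v.reference == reference and (v.server, v.partner) == scope:
                return v.value
    return None

def render(command, values, server, partner):
    """Return (command to execute, command that is safe to log)."""
    def substitute(masked):
        def repl(match):
            value = resolve(values, match.group(1), server, partner)
            if value is None:
                return match.group(0)  # assumption: unknown references stay as typed
            return MASK if masked else value
        return SECRET_RE.sub(repl, command)
    return substitute(False), substitute(True)
```

Only the second element of the returned pair should ever reach a log or a preview; the first contains the resolved secret.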