Using secret versions
Now that we have learned to read and write secrets, it is a good time to learn something about secret versions. Secret versions protect us from accidentally overwriting a secret and can come in very handy when doing rolling updates of our infrastructure.
Alright, let’s write once more to the secret we used before:
secrethub write $SH_USERNAME/testing/hello
:2 (or a higher number if we have written to the secret more than twice) is appended to the path that is returned by the client.
This number at the end of the path indicates the version number that has just been written.
We can access any version of a secret by appending
:<version> to the path.
The latest version can be retrieved by appending
:latest or by leaving the version out altogether.
secrethub read $SH_USERNAME/testing/hello:latest
To access the first version of the secret, we can append
secrethub read $SH_USERNAME/testing/hello:1
Now that we’ve gotten the hang of using secret versions, let’s see how processes can read secrets as code.