Olares/docs/developer/concepts/secrets.md

---
description: Olares secrets management system principles, detailing vault items, credentials, secrets and integration credentials classification. Explains sensitive data storage strategies.
---
# Secrets

Olares categorizes secrets based on usage scenarios and employs various management techniques.

|             | Data Type                                                                                                | Storage Location                    | Leak Risk                                                                       | Usage                                                                                                                  |
|-------------|----------------------------------------------------------------------------------------------------------|-------------------------------------|---------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|
| Vault items | Includes website and <br/>database passwords, <br/>blockchain private <br/>keys, etc.                    | Vault                               | Encrypted data in Olares ensures that third parties cannot view even upon logging in | Each use requires a signature from LarePass                                                                            |
| Credentials | System access <br/>credentials obtained<br/> post-secure<br/> authentication:<br/> Tokens, Cookies, etc. | [Infisical](https://infisical.com/) | Viewable by third parties post-authentication in Olares by following specific steps | Available to applications through an API after obtaining Provider permissions                                          |
| Secret      | Sensitive data used<br/> in Pod containers,<br/> like database <br/>connections and <br/> admin accounts       | ETCD                                | Directly visible in [Control Hub](../../manual/olares/controlhub/manage-workload)                                       | Used in Helm deployment templates; secret values are injected into environment variables via valueFrom -> secretKeyRef |

## Integration credential 

Users can enable applications within Olares to access external service credentials by logging into third-party service accounts through Settings. Examples include:

- Logging in to Olares Space allows the backup service to request tokens for automated backend backups.
- Logging into Google enables Files to synchronize with data from Google Drive.

Applications in Olares can retrieve these third-party service credentials via the [Service Provider](../develop/advanced/provider.md).

## Application credential

- Applications within Olares can manage and utilize [credentials](../develop/advanced/secret.md) via system-provided interfaces.
- Credentials generated by an application are exclusively restricted to that application's use.
feat: add docs to main (#1559) 2025-07-17 03:58:59 +00:00			`---`
			`description: Olares secrets management system principles, detailing vault items, credentials, secrets and integration credentials classification. Explains sensitive data storage strategies.`
			`---`
			`# Secrets`

			`Olares categorizes secrets based on usage scenarios and employs various management techniques.`

fix links 2025-10-23 13:47:20 +00:00			`\| \| Data Type \| Storage Location \| Leak Risk \| Usage \|`
			`\|-------------\|----------------------------------------------------------------------------------------------------------\|-------------------------------------\|---------------------------------------------------------------------------------\|------------------------------------------------------------------------------------------------------------------------\|`
feat: add docs to main (#1559) 2025-07-17 03:58:59 +00:00			`\| Vault items \| Includes website and <br/>database passwords, <br/>blockchain private <br/>keys, etc. \| Vault \| Encrypted data in Olares ensures that third parties cannot view even upon logging in \| Each use requires a signature from LarePass \|`
			`\| Credentials \| System access <br/>credentials obtained<br/> post-secure<br/> authentication:<br/> Tokens, Cookies, etc. \| [Infisical](https://infisical.com/) \| Viewable by third parties post-authentication in Olares by following specific steps \| Available to applications through an API after obtaining Provider permissions \|`
fix links 2025-10-23 13:47:20 +00:00			`\| Secret \| Sensitive data used<br/> in Pod containers,<br/> like database <br/>connections and <br/> admin accounts \| ETCD \| Directly visible in [Control Hub](../../manual/olares/controlhub/manage-workload) \| Used in Helm deployment templates; secret values are injected into environment variables via valueFrom -> secretKeyRef \|`
feat: add docs to main (#1559) 2025-07-17 03:58:59 +00:00
			`## Integration credential`

			`Users can enable applications within Olares to access external service credentials by logging into third-party service accounts through Settings. Examples include:`

			`- Logging in to Olares Space allows the backup service to request tokens for automated backend backups.`
			`- Logging into Google enables Files to synchronize with data from Google Drive.`

docs: move concepts to developer doc 2025-10-20 05:37:27 +00:00			`Applications in Olares can retrieve these third-party service credentials via the [Service Provider](../develop/advanced/provider.md).`
feat: add docs to main (#1559) 2025-07-17 03:58:59 +00:00
			`## Application credential`

docs: move concepts to developer doc 2025-10-20 05:37:27 +00:00			`- Applications within Olares can manage and utilize [credentials](../develop/advanced/secret.md) via system-provided interfaces.`
feat: add docs to main (#1559) 2025-07-17 03:58:59 +00:00			`- Credentials generated by an application are exclusively restricted to that application's use.`