Intro to NerdStorageVault

Using NerdStorageVault in your apps

NerdStorageVault is used to store and retrieve sensitive secrets data such as:

• personal access tokens
• license keys
• API keys
• other third party secrets

Usage considerations

• This storage is unique per Nerdpack, and can't be shared with any other Nerdpack.
• NerdStorageVault can currently only be used within the context of a Nerdpack.
• You cannot make a direct query or mutation to NerdStorageVault.
• You can explore the fields and response types via the NerdGraph API explorer.
• The only supported scope is ACTOR, or data that relates to a particular user.

Component library

Currently NerdStorageVault is available in the alpha release of Nr1 Community component library and is not available in the Nr1 core components library. Open source components can be use to augment Nr1 core components for additional functionality.

NerdGraph queries

Below are examples of the queries used by the components to interact with NerdStorageVault.

Write

mutation {
  nerdStorageVaultWriteSecret(
    scope: { actor: CURRENT_USER }
    secret: { key: "test", value: "secret_test" }
  ) {
    status
    errors {
      message
      type
    }
  }
}

Delete

mutation {
  nerdStorageVaultDeleteSecret(
    scope: { actor: CURRENT_USER }
    key: "test_key"
  ) {
    status
    errors {
      message
      type
    }
  }
}

Fetch a single secret

query {
  actor {
    nerdStorageVault {
      secret(key: "test_key") {
        key
        value
      }
    }
  }
}

Fetch a list of secrets

query {
  actor {
    nerdStorageVault {
      secrets {
        key
        value
      }
    }
  }
}

Limits

• A maximum of 10 secrets can be stored per ACTOR.
• A secret value is limited to 5000 characters.
• A key value is limited to 64 characters.

Permissions for working with NerdStorageVault

In order to persist changes to NerdStorageVault, such as writing, deleting, and fetching data, you must have a user role with permission to persist changes.