Most of the data you store in Pactflow is dummy or test data - think of the "Joe" and "Bloggs" you use in the firstName and lastName fields of your User API. Any real customer or sensitive information should be scrubbed or de-identified before it is added to a contract. But sometimes, you need to pass in sensitive information - for example, authentication details for a webhook. This is where secrets come in.
How they work
- Each customer has a unique key generated and assigned to them when created
- All secrets are encrypted with this key, and stored encrypted in our database
- Once created, a secret cannot be viewed again - any log file that contains a given secret will automatically redact it, replacing it with "********"
Creating a new secret
You can find the new Secrets screen by navigating to Settings (the little cog icon) in the top right-hand corner, and choosing "Secrets" from the menu.
- Name: the variable name may not contain spaces, and may contain only alphanumeric characters
- Description: giving the secret a memorable description will be helpful when referring to it later on
- Value: any string value for the secret
Currently, secrets are supported only in the Webhooks feature. Secrets are now first-class citizens in the system, and will be added to other interfaces in the future as needed.
Once you've created the secret, you can use it in your Webhooks. The secret can be used in any location where a dynamic variable is supported (currently Headers, Body, and the Basic Authentication username and password).
The secret is also handily loaded into the "Dynamic Variables" help context, so that you can see which variables are available when creating the Webhook.
When you run a test, you'll note any secrets are securely redacted.
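The redaction behaviour described above, as an added example that is not Pactflow's own code: a log filter that masks known secret values with "********", including the base64-encoded form a secret takes when it is used as a Basic Authentication username or password. The function names, secret values, URL and log lines are constructed for illustration.

```python
import base64
import re

MASK = "********"  # the replacement string the page describes


def build_redactor(secrets):
    """Return a function that masks every known secret value in a log line."""
    # Longest first, so a secret that contains another one is masked whole.
    values = sorted({s for s in secrets if s}, key=len, reverse=True)
    literal = re.compile("|".join(re.escape(v) for v in values)) if values else None
    # Basic credentials are logged base64-encoded; a literal match alone misses them.
    basic = re.compile(r"(?i)\b(Basic\s+)([A-Za-z0-9+/]+={0,2})")

    def mask_basic(match):
        try:
            decoded = base64.b64decode(match.group(2), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return match.group(0)  # not base64 text: leave untouched
        if any(v in decoded for v in values):
            return match.group(1) + MASK  # mask the whole credential
        return match.group(0)

    def redact(line):
        if literal is None:
            return line
        return literal.sub(MASK, basic.sub(mask_basic, line))

    return redact


# Constructed sample: secret values and webhook test log lines (not real Pactflow output).
SECRETS = ["s3cr3t-t0ken", "ci-user-pw"]
_basic = base64.b64encode(b"ci-bot:ci-user-pw").decode()
SAMPLE_LOG = [
    "POST https://ci.example.test/build",
    "Authorization: Bearer s3cr3t-t0ken",
    "Authorization: Basic " + _basic,
    '{"token": "s3cr3t-t0ken", "pact": "Joe Bloggs"}',
]


def redact_sample():
    redact = build_redactor(SECRETS)
    return [redact(line) for line in SAMPLE_LOG]


if __name__ == "__main__":
    print("\n".join(redact_sample()))
```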
Secrets are available now and you can start using them today. Aside from updating any existing Webhooks to use secret values, you don't need to change anything else on the client side - it should just work ™️.