Brightspot CMS Developer Guide

Secure secrets

Brightspot provides a data model and service for securely storing secrets in the CMS. This can be used to securely store sensitive data, such as API keys or passwords. The system can either store the secret value in the database or externally in a third-party service.

currently provides two secret storage services:

  1. Database Secret Service: An in-database storage with PBKDF2WithHmacSHA256 encryption.
  2. AWS Secret Service: An integration with AWS Secrets Manager to store the secret in AWS Cloud.

The secrets system provides a way to implement custom secret service storage solutions.