Sensitive Data

Sensitive data includes passwords, API keys, tokens, and other confidential information that requires protection from unauthorized access or exposure. Mission Control provides comprehensive protection for sensitive data throughout the entire playbook lifecycle.

Secret Parameters

Use secret type parameters to handle sensitive data in playbooks:

http-secret-parameter.yaml
apiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
  name: cloud-storage-access-issue-alert
  namespace: mc
spec:
  description: Notify the relevant team when there is an issue accessing cloud storage, ensuring swift action to mitigate any potential impact on services.
  parameters:
    - name: issueDetails
      label: Details of the Issue
      type: secret
  actions:
    - name: send-alert
      http:
        url: https://webhook.site/4497113a-2d88-490d-ab91-c3c19bf035d7
        method: POST
        headers:
          - name: Content-Type
            value: application/json
        templateBody: true
        body: |
          {
            "alert": "Cloud Storage Access Issue",
            "details": "$(params.issueDetails)"
          }

KMS Connection

info

Your Mission Control instance must have a KMS connection configured to use secret parameters.

Configure this using the --secret-keeper-connection flag:

mission-control serve --secret-keeper-connection "connection://default/my-kms-key"

Or set kmsConnection in your Helm values file.

Supported connection types:

AWS KMS
Azure Key Vault
GCP KMS

For field-level schema details, see KMS connection reference.

Secret Parameters​

KMS Connection​

Secret Parameters

KMS Connection