Enabling secret mode

2 minute readSecurity
You must be an administrator to enable secret mode.

By design, you can create feature flags directly from the SDK from within the CloudBees Feature Management UI just by creating and using the flag. If your source code is public, however, we recommend enabling secret mode to protect against flags being created or modified by unauthorized parties.

To enable secret mode, submit a request to enable it and add the secret to your internal code.

When secret mode is enabled, you can create flags as you typically would from the CloudBees Feature Management UI.

When enabled, flags will only be created when the devModeSecret is included in the SDK initialization with <the secret key> added to the code. When the code is run with the secret, flags are created within CloudBees Feature Management for all environments.

Do not include the secret in any publicly released code.

The published code continues to use and evaluate the flags without the secret key, preventing unauthorized users from creating new flags.

Requesting secret mode enablement

You must first submit your request to enable secret mode. Once enabled, <the secret key> must then be defined in the application’s Rox SDK setup code.

To submit your request:

  1. Submit a product request to CloudBees Support.

  2. Alternatively, you can submit your request from within CloudBees Feature Management as follows:

    1. Select Need our help? from the bottom left corner of any screen.

    2. Enter your Email address.

    3. In How can we help you?, enter your request to enable devModeSecret.

    4. Select Send.

    Once the secret is enabled, it is visible as devModeSecret in the Installation instructions.

Verifying secret mode enablement

After submitting your request, you can verify that secret mode has been enabled.

To verify secret mode has been enabled:

  1. From within CloudBees Feature Management, select Installation instructions from the left of your screen.

  2. In Add the following lines of code to your application, verify <the secret key> is added to devModeSecret as defined in Setting up secret mode.

Secret mode is now ready to be set up.

Setting up secret mode

The following shows the devModeSecret code that is added to the Installation instructions.

// For development builds only, add this line on app startup const options = { devModeSecret: "<the secret key>" }
setenv("ROX_DEV_MODE_SECRET", "<the secret key>", 1)
System.setProperty("ROX_DEV_MODE_SECRET", "<the secret key>");
var options = new RoxOptions(new RoxOptions.RoxOptionsBuilder { DevModeKey = "<the secret key>" });
options = RoxOptions( dev_mode_key='<the secret key>' );
options := server.NewRoxOptions(server.RoxOptionsBuilder { DevModeKey: "<the secret key>" })
options = Rox::Server::RoxOptions.new(dev_mode_key: '<the secret key>')
$roxOptionsBuilder = (new RoxOptionsBuilder())->setDevModeKey("<the secret key>")
RoxOptions *options = rox_options_create(); rox_options_set_dev_mode_key(options, DEFAULT_DEV_MODE_KEY); rox_setup(DEFAULT_API_KEY, options);
Rox::Options *options = Rox::OptionsBuilder() .SetDevModeKey(DEFAULT_DEV_MODE_KEY) .Build(); Rox::Setup(DEFAULT_API_KEY, options);RoxOptions *options = rox_options_create(); 14 rox_options_set_dev_mode_key(options, DEFAULT_DEV_MODE_KEY); 15 rox_setup(DEFAULT_API_KEY, options);