Introduction
Architecture
Onboard
Introduction
Users
Teams
Introduction
IntroductionPromote an image in Amazon ECRDownload a file from JFrog ArtifactoryMove or copy an image from JFrog ArtifactoryUpload a file to JFrog ArtifactoryStore an object on Amazon S3Retrieve an object from Amazon S3
IntroductionCreate or update a functionInvoke a function
IntroductionRun an AWS CodePipelineRun a Bamboo projectRun a Bitbucket pipelineRun a CloudBees CI jobRun a CircleCI workflowRun a GitHub Actions workflowRun a GitLab pipelineRun a Harness pipelineRun a Jenkins® jobRun a JFrog pipelineRun a TeamCity project
Check out a Git repository
IntroductionAWS credentialsECR credentialsEKS credentialsGit global credentialsOCI credentials
IntroductionRun Argo WorkflowsCopy a remote image with CraneDeploy a binary with EC2Deploy to ECSRender an ECS task definitionBuild a container image with KanikoDeploy with OctopusDeploy with SpinnakerRun Ansible PlaybookDeploy with HerokuDeploy with AWS CodeDeployDeploy with AWS Elastic BeanstalkDeploy with Tosca
Publish evidence items
IntroductionHelm chart installHelm chart packageHelm chart publishHelm chart uninstall
IntroductionCreate a Kubernetes namespaceCreate/update a Kubernetes resourceDeploy to a Kubernetes cluster
IntroductionVerify with NewRelic
Execute remote commands via SSH
IntroductionAnchoreAquasecJFrog XraySnyk ContainerSonatype (Nexus) ContainerTrivy
IntroductionStackhawkZAP
IntroductionCheckmarxFind Security BugsGitHub Security ScannerGosecMendNexus IQSnykSonarQube bundledSonarQube
IntroductionMendSnyk
IntroductionTruffleHog ContainerTruffleHog CodeTruffleHog S3
IntroductionCreate new requestUpdate existing requestGet change request state
Publish test results
CI insights for Jenkins

Enabling secret mode

3 minute read
You must be an administrator to enable secret mode.

By design, users can create feature flags directly from the SDK or the CloudBees platform UI simply by defining and using the flag. Secret mode adds a layer of security, as only authorized users have access to <the secret key> required to create or update flags, which is important for environments where source code might be exposed.

Secret mode requirements

CloudBees must enable secret mode before you can set it up or use it. Additionally, <the secret key> must remain confidential and accessible only to authorized users.

When secret mode is enabled, flags will only be created when devModeSecret is included in the SDK initialization with <the secret key> added to the code. When the code is run with the secret, flags are created.

When to use secret mode

  • Enable secret mode to protect against unauthorized users creating or modifying flags, especially if your source code is public.

  • Use secret mode to restrict flag creation or updates to specific users with access to the <the secret key>.

How to enable secret mode

Submit your request to CloudBees to enable secret mode. Once enabled, follow the steps to set up secret mode by defining the Rox SDK setup for the code language of your application.

To submit your request:

Verify the secret mode enablement

After submitting your request, once secret mode is enabled, it is visible as devModeSecret in the Feature management  Installation SDK installation page as you go through the steps to set up your application.

To verify secret mode has been enabled:

  1. Sign-in to CloudBees, cloud-native platform.

  2. Select Installation from the left navigation.

  3. Complete the SDK installation steps for the code language of your application.

  4. In the step to Add the following lines of code to your application, verify that <the secret key> is added to devModeSecret as defined in set up secret mode

Secret mode is now ready to be configured.

The following examples demonstrate the difference between the default state (A: "secret mode not enabled") and the configured state (B: "secret mode enabled").

Example: Creating flags without secret mode.
secret mode not enabled
Figure 1. Example creating flags using the SDK without secret mode.

The example above shows the default option using the SDK to create flags. Once the line of code with the environment key is run, any flags defined above will be created in the application. Secret mode is not enabled in this example.

  1. This line of code is the environment key, secret mode is not enabled in this example.

Example: Creating flags with secret mode enabled.
secret mode enabled
Figure 2. Example creating flags using the SDK with secret mode enabled.

The example above shows the code with secret mode enabled. The application code must include the devModeSecret and <the secret key> to create and display flags. Without the key, no flags will be created.

  1. This line of code is the environment key.

  2. This line of code is the devModeSecret and <the secret key>.

Do not include the secret in any publicly released code.

The published code continues to use and evaluate the flags without the secret key, preventing unauthorized users from creating new flags.

Set up secret mode

The following shows the devModeSecret code that is added to the Installation instructions.

Javascript
iOS/Swift
Java
C#
Python
Go
Ruby
PHP
C
C++
 // For development builds only, add this line on app startup
const options = {
    devModeSecret: "<the secret key>"
}
setenv("ROX_DEV_MODE_SECRET", "<the secret key>", 1)
System.setProperty("ROX_DEV_MODE_SECRET", "<the secret key>");
var options = new RoxOptions(new RoxOptions.RoxOptionsBuilder
         {
          DevModeKey = "<the secret key>"
        });
options = RoxOptions(
    dev_mode_key='<the secret key>'
);
=  options := server.NewRoxOptions(server.RoxOptionsBuilder {
                DevModeKey: "<the secret key>"
        })
options = Rox::Server::RoxOptions.new(dev_mode_key: '<the secret key>')
$roxOptionsBuilder = (new RoxOptionsBuilder())->setDevModeKey("<the secret key>")
RoxOptions *options = rox_options_create();
rox_options_set_dev_mode_key(options, DEFAULT_DEV_MODE_KEY);
rox_setup(DEFAULT_API_KEY, options);
Rox::Options *options = Rox::OptionsBuilder()
  .SetDevModeKey(DEFAULT_DEV_MODE_KEY)
  .Build();

Rox::Setup(DEFAULT_API_KEY, options);RoxOptions *options = rox_options_create();
 14     rox_options_set_dev_mode_key(options, DEFAULT_DEV_MODE_KEY);
 15     rox_setup(DEFAULT_API_KEY, options);
Properties, custom properties, and target groups