Robotair Secrets

Concept Overview

Secrets in Robotair are secure, centralized credentials that allow authenticated access to private container registries. These credentials are not embedded in robots. Instead, the Robotair Agent uses them temporarily to pull container images during deployment, ensuring security and compliance.

Secrets can include:

  • Registry usernames and passwords
  • Access tokens or OAuth credentials
  • SSH keys for secure Git or registry access

All secrets are encrypted at rest and never transmitted to the robot outside the context of a controlled, authenticated image pull operation.

Role in the Platform

Robotair Secrets ensure that private container images can be securely deployed to your robots. When a deployment is assigned to a robot that references a private image, the Robotair Agent securely retrieves the image using these secrets without persisting them on the robot.

This separation of secret management from runtime environments ensures:

  • No hardcoded secrets on device
  • Revocable and auditable access control
  • Central management of sensitive credentials
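
One way to check the "no hardcoded secrets on device" property from the robot side, as an added example that is not Robotair's own code. It assumes the robot's container runtime keeps registry logins in a Docker-style config.json; the function name and both sample configs are constructed for illustration.

```python
import base64
import json

# Fields of a Docker-style config.json "auths" entry that hold reusable secrets.
SECRET_FIELDS = ("auth", "password", "identitytoken", "registrytoken")


def persisted_registry_creds(config_text):
    """Return sorted (registry, field) pairs for credentials left on disk."""
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError as exc:
        raise ValueError("config is not valid JSON; inspect it manually") from exc
    if not isinstance(config, dict):
        raise ValueError("config must be a JSON object")

    findings = []
    for registry, entry in (config.get("auths") or {}).items():
        if not isinstance(entry, dict):
            continue
        # An empty entry ({}) carries no secret; a non-empty field does.
        findings += [(registry, f) for f in SECRET_FIELDS if entry.get(f)]
    # A credential store or helper means logins persist elsewhere on the device.
    if config.get("credsStore"):
        findings.append(("*", "credsStore"))
    findings += [(r, "credHelpers") for r in (config.get("credHelpers") or {})]
    return sorted(findings)


# Constructed sample inputs (not taken from a real robot).
_token = base64.b64encode(b"robot:constructed-password").decode()
DIRTY_CONFIG = json.dumps({
    "auths": {"registry.example.com": {"auth": _token}, "ghcr.example.com": {}},
    "credsStore": "secretservice",
})
CLEAN_CONFIG = json.dumps({"auths": {"registry.example.com": {}}})

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_CONFIG), ("dirty", DIRTY_CONFIG)):
        hits = persisted_registry_creds(text)
        print(name, "OK" if not hits else f"persisted credentials: {hits}")
```

Any finding on a robot means a registry credential outlived the pull that needed it and should be rotated in the central store.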

Functional Capabilities

  • Store and manage multiple container registry credentials
  • Associate secrets with builds or deployments
  • Restrict visibility of secrets to authorized organization members
  • Eliminate manual credential handling during OTA updates

Secure Image Pull Process

The following diagram illustrates the secure image pull process. Secrets are stored only in the Robotair platform. During deployment, the Robotair Agent receives time-limited credentials that allow it to pull private images from your registry without ever persisting the secrets on the robot.

flowchart TD
    subgraph Robotair[Robotair Platform]
        Secrets["Secrets Store"]
        Builds["Builds"]
        Deployments["Deployments"]
        Fleets["Fleets"]
        Robots["Robots"]
        Auth["Temporary Credentials"]
    end

    subgraph Robot[Robot with Agent]
        Agent["Robotair Agent"]
        Runtime["Runtime"]
    end

    Builds --> Secrets
    Deployments --> Secrets
    Fleets --> Secrets
    Robots --> Secrets
    Secrets --> Auth --> Agent
    Agent --> Runtime
    Runtime -->|"Secure Pull"| Registry["Private Container Registry"]