The LivePerson Functions' Secrets Storage allows you to centrally store, access and distribute secrets across your lambdas. Thereby, lambdas can use available access tokens, certificates and encryption keys to establish a connection to external systems. It is recommended to always use access tokens for authentication to external services.

Internally, LivePerson Functions uses HashiCorp Vault to encrypt your secrets using a 256-bit AES cipher in GCM mode with a randomly generated 96-bit nonce before writing them to its persistent storage.

Based on the below roles and permission users can interact with the Secret Storage via the Settings tab. The secrets are key-value pairs, where each value can be of type number, string or JSON.

Try to avoid storing user-credentials within the Functions' Secrets Storage.
Secrets need to be created before deploying the lambda.
Deleting a used secret will directly impact lambdas using it.
Created secrets can not be viewed in cleartext via the LivePerson Functions UI.

LivePerson Functions Secret Store

Based on the permission concept for Functions, the following permissions for managing and using secrets can be configured across different users.

User Role User Permission
FaaS-Admin This user can create new secrets or delete existing secrets.
FaaS-Developer This user can only use all available secrets within functions via each secret's unique key.

Within lambdas, the Toolbelt offers a convenient way of reading and updating secrets at runtime. See this document for further details.