Connection secrets

If you make a secure connection to an external platform, FlexMeasures can store credentials, API keys and tokens in the secrets JSON field of the account or asset that owns the connection. Each secret value is encrypted separately and stored together with metadata such as its encryption key ID and timestamps. Developers normally do not need to read or modify this JSON structure directly.

For implementation examples, token lifecycle strategies and manually seeding a credential through the CLI, see Storing connection secrets.

The encrypted values are protected by FLEXMEASURES_SECRETS_ENCRYPTION_KEYS, see FLEXMEASURES_SECRETS_ENCRYPTION_KEYS

This setting accepts arbitrary non-empty strings, which FlexMeasures derives into Fernet-compatible keys.

Hosts must configure this keyring before secrets can be stored - FlexMeasures will print a warning if it is not set and hints how to initialize it.