Retrieve secrets in Cloud Code modules
Learn how to retrieve and use secrets within Cloud Code module implementations.
You can retrieve secrets stored in Secret Manager from a Cloud Code module.
Prerequisites
To follow this sample, you need a Cloud Code module set up in your project, and a secret stored in Secret Manager.
- Follow the steps in the Getting Started guide to set up your Cloud Code module.
- Create a secret in Secret Manager, and allow Cloud Code access. For more information, refer to the Store secrets guide.
- Familiarize yourself with how Cloud Code integrates with other Unity services. For more information, refer to the Unity services integration guide.
Retrieve a secret
To retrieve a secret in a Cloud Code module, you can use the Secret Manager SDK for Cloud Code. The following example demonstrates how to retrieve a secret in a Cloud Code module.
Initialize the Client SDK
Secret Manager integration in Cloud Code follows a similar pattern to other Unity services integrations in Cloud Code. The Client SDK contains the Secret Manager client, which you can use to retrieve secrets stored in Secret Manager. In your Cloud Code module, set up the Client SDK.
C#
using Microsoft.Extensions.DependencyInjection;
using Unity.Services.CloudCode.Apis;
using Unity.Services.CloudCode.Core;

public class ModuleConfig : ICloudCodeSetup
{
    public void Setup(ICloudCodeConfig config)
    {
        // Register the game API client so functions can receive IGameApiClient by injection.
        config.Dependencies.AddSingleton(GameApiClient.Create());
    }
}
Retrieve the secret
To retrieve the secret, use the SecretManager SDK.
Although the secrets are stored at different levels in the hierarchy, you do not need to specify the level when retrieving the secret. The client will retrieve the value at the lowest level in the hierarchy where it exists. For instance, if you do not have a set value at the environment level for the secret you are retrieving, the client will retrieve the value from the project level, and lastly, the organization level. For more information on the secret hierarchy, refer to Secret hierarchy.
C#
using Unity.Services.CloudCode.Apis;
...
[CloudCodeFunction("GetSecretExampleFoo")]
public async Task GetSecretExampleFoo(IExecutionContext context, IGameApiClient gameApiClient)
{
    Secret SECRET_EXAMPLE = await gameApiClient.SecretManager.GetSecret(context, "SECRET_EXAMPLE");
    // The secret value can be accessed via SECRET_EXAMPLE.Value
    // Be wary of how this secret value is utilised within your code and avoid logging the secret value or passing it as a response/exception
    ...
}
Use the secret
You can now use the secret value in your Cloud Code module. Pass the secret value to the relevant service or API. For instance, if you use secrets to store service account credentials to authenticate an admin service in Cloud Code, you can pass the secret value to the service. The sample below shows how you can pass the Service Account credentials to authenticate the Leaderboards Admin SDK in Cloud Code.
Read the Value property of the secret object to retrieve the secret value.
C#
...
[CloudCodeFunction("CreateLeaderboard")]
public async Task CreateLeaderboard(IExecutionContext context, IGameApiClient gameApiClient, IAdminApiClient adminApiClient)
{
    Secret SERVICE_ACCOUNT_KEY = await gameApiClient.SecretManager.GetSecret(context, "SERVICE_ACCOUNT_KEY");
    Secret SERVICE_ACCOUNT_SECRET = await gameApiClient.SecretManager.GetSecret(context, "SERVICE_ACCOUNT_SECRET");
    try
    {
        await adminApiClient.Leaderboards.CreateLeaderboardAsync(
            executionContext: context,
            serviceAccountKey: SERVICE_ACCOUNT_KEY.Value, // Secret value retrieved from Secret Manager
            serviceAccountSecret: SERVICE_ACCOUNT_SECRET.Value, // Secret value retrieved from Secret Manager
            projectId: Guid.Parse(context.ProjectId),
            environmentId: Guid.Parse(context.EnvironmentId),
            leaderboardIdConfig: new LeaderboardIdConfig(
                id: "new-leaderboard",
                name: "new-leaderboard",
                sortOrder: SortOrder.Asc,
                updateType: UpdateType.KeepBest
            )
        );
    }
    catch (ApiException ex)
    {
        _logger.LogError("Failed to create a Leaderboard. Error: {Error}", ex.Message);
        throw new Exception($"Failed to create a Leaderboard. Error: {ex.Message}");
    }
}
...
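The CreateLeaderboard sample above writes ex.Message to the log and places it in the thrown exception. The following added example, which is not Unity's code or part of the SDK, shows one way to mask verbatim secret values in such a message before it is logged or returned. SecretRedactor, Redact and the sample strings are hypothetical names and constructed values.

```csharp
using System;
using System.Linq;

// Added example, not part of the Unity SDK. SecretRedactor is a hypothetical helper.
public static class SecretRedactor
{
    private const string Mask = "[REDACTED]";

    // Replaces every verbatim occurrence of each secret value in the message with a mask.
    public static string Redact(string message, params string[] secretValues)
    {
        if (string.IsNullOrEmpty(message) || secretValues == null)
        {
            return message ?? string.Empty;
        }

        // Skip null or empty values (an empty search string makes Replace throw), and
        // mask longer values first so a secret that contains another secret
        // is not left partially visible.
        var ordered = secretValues
            .Where(s => !string.IsNullOrEmpty(s))
            .OrderByDescending(s => s.Length);

        string result = message;
        foreach (string secret in ordered)
        {
            result = result.Replace(secret, Mask, StringComparison.Ordinal);
        }
        return result;
    }

    public static void Main()
    {
        // Constructed stand-ins for SERVICE_ACCOUNT_KEY.Value and SERVICE_ACCOUNT_SECRET.Value.
        string key = "sample-key-id";
        string secret = "sample-key-id-and-secret";

        // Constructed error text that echoes both values, as an upstream message might.
        string upstream = $"Authorization failed for {key} using {secret}";

        // In the catch block, the same call would wrap ex.Message before it is
        // logged or placed in the thrown exception.
        Console.WriteLine(Redact(upstream, key, secret));
    }
}
```

Only verbatim matches are masked; a value that appears Base64-encoded or URL-encoded in the message passes through unchanged.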