A variable is stored securely in HashiCorp Vault.
Variables can be created at the container-, environment- and project-level and will be exposed as environment variables and/or readonly files.
The environment variable and file are created before actions start and before modules are enabled. This means they can be used in any initialization script.
A readonly file with the variable’s name is created when option “Save to file” is selected.
The file will be available at $INFRAXYS_ROOT/variables/<variable-name> or at $INFRAXYS_ROOT/variables/<type>/<variable-name> if a type is specified.
Variables can be processed automatically before actions run. This is typically done during module initialization.
The aws-core module, for example, generates ~/.aws/config and ~/.aws/credentials based on all variables of type “AWS-CONFIG” and “AWS-CREDENTIALS” that are defined in the scope of the executing action.
And the infraxys-core module generates SSH private key files.
Variables can be used to protect the execution of methods. See Infraxys by example - Securing methods using variables.