steampipe plugin install vercel

Table: vercel_secret - Query Vercel Secrets using SQL

Vercel Secrets is a feature within the Vercel platform that allows users to store sensitive data, like API keys, securely. These secrets can be used in environment variables for Vercel projects, ensuring that sensitive data is not exposed in your code or Vercel logs. They provide an additional layer of security for your applications, keeping your sensitive data safe and secure.

Table Usage Guide

The vercel_secret table provides insights into the secrets stored within Vercel. As a developer or security analyst, explore secret-specific details through this table, including secret names, created timestamp, and the projects that use these secrets. Utilize it to uncover information about secrets, such as those that are outdated, unused, or associated with specific projects, ensuring the security and integrity of your applications.

Examples

List all secrets

Discover the segments that contain confidential data by identifying instances where certain projects have created secrets. This can help in managing and reviewing the configuration for data security across different projects.

select
project_id,
name,
uid,
created_at
from
vercel_secret;
select
project_id,
name,
uid,
created_at
from
vercel_secret;

Secrets more than 1 year old

Identify older secrets within your project that may pose a security risk. This query is useful for maintaining good security hygiene by pinpointing secrets that have been in use for over a year.

select
project_id,
name,
uid,
created_at
from
vercel_secret
where
created_at < now() - interval '1 year';
select
project_id,
name,
uid,
created_at
from
vercel_secret
where
created_at < datetime('now', '-1 year');

Secrets used by environment variables

Discover the secrets that are being utilized by your environment variables in your projects. This can help in understanding the linkage between your projects and the secrets, enhancing your project's security and management.

select
p.name as project_name,
e ->> 'key' as env_var,
e ->> 'type' as env_var_type,
s.name as secret_name,
s.uid as secret_uid,
s.created_at as secret_created_at
from
vercel_project as p,
jsonb_array_elements(env) as e,
vercel_secret as s
where
e ->> 'type' = 'secret'
and e ->> 'value' = s.uid;
select
p.name as project_name,
json_extract(e.value, '$.key') as env_var,
json_extract(e.value, '$.type') as env_var_type,
s.name as secret_name,
s.uid as secret_uid,
s.created_at as secret_created_at
from
vercel_project as p,
json_each(env) as e,
vercel_secret as s
where
json_extract(e.value, '$.type') = 'secret'
and json_extract(e.value, '$.value') = s.uid;

Schema for vercel_secret

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
created_attimestamp with time zoneTime when the secret was created.
decryptablebooleanTrue if the secret value can be decrypted after it is created.
nametext=Name of the secret.
project_idtextUnique identifier of the project the secret belongs to.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
team_idtextUnique identifier of the team the secret was created for.
uidtext=Unique identifier of the secret.
user_idtextUnique identifier of the user who created the secret.
user_uidtext=, !=, ~~, ~~*, !~~, !~~*Unique identifier of the user.
valuetextValue of the secret.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- vercel

You can pass the configuration to the command with the --config argument:

steampipe_export_vercel --config '<your_config>' vercel_secret