FAQ

What is the difference between the service secret and Management API secret?

FAQ

The service secret is specified in your prisma.yml as the secret property and used to protect your Prisma services. The service secret is used to generate service tokens (JWT). When making requests against your Prisma service, you must include such a service token in the Authorization header as a bearer token. The service token can be generated using the prisma1 token command.

If you're using the Prisma client, you don't need to generate the tokens manually, nor attach them to any requests made against your service. The generated Prisma client knows the secret from your prisma.yml and therefore is able to generate the required service tokens at runtime when it sends requests to the Prisma API.

The Management API secret is specified in the Docker Compose file that's used to deploy a Prisma server. It protects the Management API of the Prisma server.

The Management API is used by the Prisma CLI. The Prisma CLI often needs to make changes to the deployed services, such as migrating the datamodel of a service or resetting its data. To confirm that the CLI is authorized to make these requests, it needs access to the Management API secret. It gets access to it through the PRISMA_MANAGEMENT_API_SECRET environment variable which you need to set when using the CLI (note that this is not the case when using Prisma Demo servers).

Content
FAQ