Using Application Secret

To use an application secret, include the MystSafe runtime library in your app and retrieve the secret value by adding the following line of code:

var secret_value = RuntimeEngine.GetSecret(param_name, client_key, api_endpoint); // C#

secret_value = get_secret(param_name, client_key, api_endpoint) # Python

The runtime library will gather the runtime instance parameter values, generate the retrieval key, and request the secret data block. If the parameters collected from the environment match the ones set up for the application secret, the secret data block is returned to the client, and the secret value is decrypted and returned to your app.

When the app retrieves the secret, the pointer to the secret entry stored in the database is generated dynamically using a deterministic key derivation algorithm based on the runtime parameters of the specific environment. Then, the data block is retrieved from the database and the secret value is decrypted using a similar but slightly different, more secure key derivation algorithm. All key generation and data decryption operations happen in the runtime environment where your app is running, so no confidential data or metadata is ever shared with the network.
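
The lookup-then-decrypt flow described above, sketched as an added example (not MystSafe's code or its actual algorithms): a pointer and a decryption key are derived from the same runtime parameters under different labels, and the store only ever sees the pointer and an opaque block. Assumptions: the parameter names, `get_secret_demo`, HMAC-SHA256 for the pointer, PBKDF2 for the key, and the stdlib keystream standing in for a real AEAD are all illustrative choices.

```python
import hashlib, hmac, os

def canonical(params):
    # Length-prefix every name and value so different parameter sets never encode alike.
    parts = [p.encode() for k in sorted(params) for p in (k, params[k])]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def derive_pointer(params, client_key):
    # Storage locator: deterministic, unguessable without client_key and the parameters.
    return hmac.new(client_key, b"pointer|" + canonical(params), hashlib.sha256).hexdigest()

def derive_keys(params, client_key):
    # Decryption material: separate label and a deliberately slow KDF (assumed: PBKDF2).
    km = hashlib.pbkdf2_hmac("sha256", canonical(params), b"decrypt|" + client_key,
                             200_000, dklen=64)
    return km[:32], km[32:]  # (encryption key, MAC key)

def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def store_secret(db, params, client_key, value):
    # Stand-in for an AEAD (stdlib only): HMAC-SHA256 keystream, then encrypt-then-MAC.
    enc, mac = derive_keys(params, client_key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(value, _keystream(enc, nonce, len(value))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    db[derive_pointer(params, client_key)] = nonce + ct + tag

def get_secret_demo(db, params, client_key):
    block = db.get(derive_pointer(params, client_key))  # only the pointer leaves the host
    if block is None:
        return None  # runtime parameters do not match any stored secret
    enc, mac = derive_keys(params, client_key)
    nonce, ct, tag = block[:16], block[16:-32], block[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("data block failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))

# Constructed sample data: parameter names, values and the key are illustrative only.
DB = {}
CLIENT_KEY = b"constructed-client-key"
PROD = {"hostname": "app-01", "os_user": "svc-billing", "app_path": "/opt/billing/app"}
store_secret(DB, PROD, CLIENT_KEY, b"db-password-example")
```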
