FastStore WebOps introduces secret-specific permission controls, allowing project administrators to define exactly which roles can view, edit, or delete secrets. This change provides merchants with enhanced control over sensitive information, helping to ensure compliance with internal policies.
The new permissions system is in Open Beta. To enable it for your FastStore account that uses WebOps, open a ticket with VTEX Support.
What has changed?
Previously, any user with FastStore WebOps dashboard access could create, view, edit, or delete secrets.
Now, access is role-based via License Manager:
- Configuration screens and actions are only enabled if the user's assigned role grants resources for View Secrets or Edit Secrets.
- Users with limited roles will see disabled actions or restricted access, based on their permissions.
Why did we make this change?
The role-based permission system for secrets was developed to:
- Ensure compliance with industry and internal security policies.
- Reduce the risk of accidental or unauthorized exposure of credentials.
- Provide traceable audit logs for secret changes.
What needs to be done?
Only users with the appropriate permissions can view and manage secrets. To ensure a user has the required permissions, check if their VTEX user profile includes a role with the following License Manager resources:
- Product: FastStore
- Category: Secrets
- Resources: View Secrets and/or Edit Secrets
To learn more about secret management in FastStore WebOps, see the guide Managing secrets.