Morpheus Cypher Secrets Manager

By: Morpheus Data

Secrets management is a key part of IT automation given the need for the automation securely interact with external systems. Credentials such as passwords and API keys are used to authenticate to those external systems and must be secured. The challenge is securing them in a way that is simple to use but also scales across multiple engineers. Many automation tools attempt to solve this problem through the use of a master password or a cryptographic key pair. Unfortunately, this creates another problem for many tools as the master password or private key now needs to be securely stored but also accessible which often leads to insecure handling of the secret that unlocks access to all the other secrets. Morpheus Cypher helps solves this problem in a simple and easy to use way that is integrated into the platform to help avoid the master secret handling problem.

What is Cypher? 

Cypher is a secrets manager built into the Morpheus platform for storing passwords, API keys and other sensitive data for use in your automation. Secrets can be revoked manually or expired automatically through the use of a lease timeout associated with the secret.

Cypher supports the following types of data: 

  • Secret: Secure storage for sensitive values like passwords and API keys. 
  • Password: Dynamically generate a password of configurable character length. 
  • UUID: Dynamically generate a universally unique identifier. 
  • Encryption key: Dynamically generate a symmetric key pair. 
  • TFVars: Securely store Terraform variables/tfvars files for use with the Morpheus Terraform blueprint integration. 

Cypher Integrations 

Secure storage is the core function of Cypher but being able to easily use the secrets stored in Cypher is what makes it truly valuable. Cypher includes a number of native integrations that simplify the use of sensitive data stored in Cypher with common automation tools such as scripts, Ansible and Terraform.


Scripts are still widely used to automate IT system configuration. Morpheus provides a simple way to inject secrets into a Bash, PowerShell or Python script when executed as part of a Morpheus automation task or orchestrated workflow. The injection is as simple as adding the following secret reference to a script that is executed by Morpheus.


Additional information about using Cypher secrets with scripts can be found in the Morpheus Cypher scripts documentation.


Ansible is an open source configuration management tool for configuring IT systems. Morpheus includes a built-in Ansible lookup plugin that simplifies the injection of secrets into an Ansible playbook. The following Ansible code performs a Cypher lookup to retrieve the password stored in Cypher. 

- name: Add a user 
    name: "morpheus" 
    password: "{{ lookup('cypher','secret=secret/securepassword') }}" 
    state: present 

Additional information about using Cypher secrets with Ansible can be found in the Morpheus Ansible integration documentation.


Terraform is an open source Infrastructure as Code (IaC) tool for declaratively building and configuring infrastructure. The Terraform integration in Morpheus allows you to deploy infrastructure using Terraform code within Morpheus. Sensitive data used by Terraform is added to a variable definition or tfvars file for storing variable values separate from the Terraform code. This variable file is encrypted and securely stored within Cypher and can be associated with a Terraform blueprint to pass the variables during the execution of the Terraform code. The following image shows a tfvars file that contains credentials for Terraform code that deploys VMware vSphere resources.

Morpheus Cypher TFVars Secret

The tfvars secret is associated with a Terraform blueprint that contains the Terraform code as shown in the image below.

Morpheus Terraform Blueprint TFVars

Additional information about using Cypher tfvars with Terraform can be found in the Morpheus Terraform integration documentation.


The Morpheus CLI and REST API can be used to interact with Cypher secrets. This allows additional tools or systems such as CI/CD pipelines to interact with Cypher secrets. Additional information about the REST API and CLI can be found in the documentation.

Cypher Backend Extensibility

Morpheus supports custom Cypher backends to extend the functionality of Cypher beyond the native functionality in the platform. This means that additional dynamic secret generation or external data storage functionality can be added. The Morpheus plugin framework was introduced in version 5.0.0 to allows developers to create Java based plugins. Additional details about developing plugins and a custom Cypher backend can be found at the Morpheus Developer Zone (


Cypher provides support for various secret formats as well as simplified secrets injection with popular automation tools like Ansible and Terraform. For additional information on using Cypher for secrets management take a look at the Cypher documentation.

Try Morpheus Community Edition 

The Morpheus Community Edition lets you fully experience the Morpheus platform including nearly all features and capabilities! Register at Morpheus Hub and try it in your home lab or test environment today! 

Related Resources

  • card listing image
    Jul 2024 | Video Demo
    Morpheus Minute: Dashboard
  • listing image
    Jul 2024 | Paper
    ISG Provider Lens – Hybrid Cloud Management
  • card listing image
    Jul 2024 | Webinar
    Tech Brief: Building a Database as a Service Solution w...
  • card listing image
    Jun 2024 | Video Demo
    Morpheus Minute: Deployments in UI
  • Buildvsbuy
    Jun 2024 | Blog
    Build vs. Buy? theCube looks at Hybrid Cloud Platform O...
  • card listing image
    May 2024 | Webinar
    Tech Brief: Integrating Morpheus and GitHub Actions
  • listing image
    May 2024 | Product
    Overview of Morpheus Service and Support Offerings
  • listing image
    May 2024 | Product
    Lab Guide: SuiteCRM Automation with Morpheus
  • card listing image
    May 2024 | Video Demo
    Morpheus Minute: Custom Email Templates 7.0
  • card listing image
    May 2024 | Video Demo
    Morpheus Minute: Console