What is the difference between the service secret and Management API secret?
The service secret is specified in your
prisma.yml as the
secret property and used to protect your Prisma services. The service secret is used to generate service tokens (JWT). When making requests against your Prisma service, you must include such a service token in the
Authorization header as a bearer token. The service token can be generated using the
prisma token command.
If you're using the Prisma client, you don't need to generate the tokens manually, nor attach them to any requests made against your service. The generated Prisma client knows the
secret from your
prisma.yml and therefore is able to generate the required service tokens at runtime when it sends requests to the Prisma API.
The Management API is used by the Prisma CLI. The Prisma CLI often needs to make changes to the deployed services, such as migrating the datamodel of a service or resetting its data. To confirm that the CLI is authorized to make these requests, it needs access to the Management API secret. It gets access to it through the
PRISMA_MANAGEMENT_API_SECRET environment variable which you need to set when using the CLI (note that this is not the case when using Prisma Demo servers).