Share this
Table of Contents
We’re excited to unveil torero 1.5, now available at torero.dev. This release represents a major leap forward in security and operational efficiency, delivering centralized secret management that powers the consistent injection of secrets into all service types.
Since launching torero, we’ve consistently focused on eliminating friction in network automation. Version 1.1 brought distributed clusters, 1.3 introduced private registries, and now 1.5 tackles one of the most critical challenges facing automation teams: making secrets injection accessible and manageable across your tooling ecosystem.
Here’s what changes the game.
>_ what’s new in torero 1.5
🔐 Comprehensive Secret Injection for All Service Types
Security isn’t an afterthought, it’s foundational. torero 1.5 transforms how you handle credentials across your entire automation stack. Taking care to not “hard-code” secrets is often still an afterthought for many practitioners either testing locally or writing quick and dirty scripts. One of our guiding principles behind this design is, making it easier on practitioners to not hard-code secrets and offering flexibility for runtime execution in scenarios where you are provisioning infrastructure via pipelines.
The magic happens through secure environment variable injection that works consistently across all service types:
bash
>_ torero create service python-script my-script \ --secret name=my-api-key,type=env,target=API_KEY \ --repository my-repo \ --filename main.py
Your Python scripts can now access secrets via standard environment variables:
python
import os
api_key = os.getenv('API_KEY')Ansible playbooks leverage the same approach:
yaml
- name: Use API key from secret store
debug:
msg: "API Key: {{ lookup('env', 'API_KEY') }}"Even OpenTofu plans get first-class secret support:
hcl
variable "api_key" {
type = string
description = "API key from torero secret store"
}🎯 Runtime Secret Flexibility
Need to inject different credentials for different environments? torero 1.5 introduces runtime secret specification through the –set-secret flag, giving you the flexibility to adapt on the fly:
bash
>_ torero run service python-script my-script \ --set-secret name=prod-credentials,type=env,target=API_KEY
📋 Decorator Elegance
For teams using decorators, torero 1.5 introduces intelligent secret handling through custom JSON Schema annotations. Simply add x-itential-secret-type and x-itential-secret-target to your decorator properties, and torero automatically prompts for the secret name during service execution:
json
{
"properties": {
"password": {
"type": "string",
"x-itential-secret-type": "env",
"x-itential-secret-target": "DATABASE_PASSWORD"
}
}
}>_ why it matters
With torero 1.5, our goal is to make it easier to do the right thing – consistently. By providing a single way to store and inject secrets across Python, Ansible, and OpenTofu, we’re solving three critical problems:
>_security at scale
No more credentials scattered across repositories, playbooks, or configuration files. Everything flows through a single, encrypted secret store with proper audit trails.
>_operational simplicity
One interface, one pattern, one way to handle secrets regardless of your automation tool of choice. Your team learns it once and applies it everywhere.
>_Compliance confidence
Centralized secret management with controlled access patterns makes audit preparation straightforward and reduces security incident response time.
The result? Your automation workflows become more secure while getting easier to manage, not harder.
>_ try torero 1.5 today
As always, torero is completely free to use in your infrastructure.
📥 download the latest version here →
📝 check out the release notes here →
We’re particularly excited to hear how teams use these new secret management capabilities. Here’s how you can reach us:
💬 join us on the NAF Slack space in the #tools-torero channel
👍 follow us on LinkedIn, X for the latest
⏯️ check out our YouTube channel for updates and tutorials
This release moves torero closer to our vision of frictionless, secure network automation. We’re not stopping here. Stay tuned for more innovations that make automation accessible, secure, and scalable for teams of all sizes.
William Collins
Director of Technical Evangelism ‐ Itential
William Collins is a strategic thinker and a catalyst for innovation, adept at navigating the complexities of both startups and large enterprises. With a career centered on scalable infrastructure design, he serves as Itential’s Director of Technical Evangelism. Here, he leads the charge in network automation, leveraging his deep roots in cloud architecture and network engineering. William hosts The Cloud Gambit Podcast, diving into cloud computing strategy, markets, and emerging trends with industry experts. Outside of transforming networks, you can find him enjoying time with family, playing ice hockey, and strumming guitar.
