Creating secrets
ENTERPRISE
Creating secrets with a key-value pair or file
You can create secrets in DC/OS by using a key-value pair or as a file. Both methods add a name and secret value to the secret store. You may find it convenient to add a secret as a file if you already have a secret value stored in a file locally and want to avoid copying-and-pasting.
See Configuring services and pods to use secrets for information on how to reference these secrets in your app or pod definition.
IMPORTANT: The maximum file size for a secret is approximately 1 MB, subtracting approximately 1 KB for the secret store metadata.
Creating secrets
The sections below explain how to create secrets as both key/value pairs and as files using the UI, CLI, and the Secrets API.
Secrets should include paths, unless you want to allow all services to access its value. See Spaces for more information about secret paths.
Prerequisites
DC/OS UI
- The
dcos:superuser
permission.
DC/OS CLI or Secrets API
See Secret Store Permissions for the permissions needed to create secrets from the CLI or API. The permissions you configure must include the name of the secret the user is allowed to create. You must have one permission per secret. The secret name and permission name must match.
Creating key-value pair secrets using the UI
Log in to the DC/OS UI as a user with the
dcos:superuser
permission.Open the Secrets tab.
Click the + icon in the top right.
Figure 1 - New Secret icon
If you have no current secrets, a Create Secret screen will be displayed. Click on the Create Secret button.
Figure 2 - Create Secret button
In the ID box of the Create New Secret screen, type the name of your secret and its path, if any.
Figure 3 - Creating a new keypair
Select Key-Value Pair as Type.
Type or paste the secret into the Value box.
Figure 4 - Creating a new Secret
Click Create Secret.
Returning to the Secrets screen, you can see that your secret has been deployed.
Figure 5 - Secret with keypair deployed
Creating key-value pair secrets using the API
This procedure describes how to create a secret called my-secret
inside the developer
path.
NOTE: You must follow the steps in Obtaining the DC/OS CA bundle before issuing the curl commands in this section.
Use
dcos auth login
log in to the CLI.Use the following command to create the secret.
curl -X PUT --cacert dcos-ca.crt -H "Authorization: token=$(dcos config show core.dcos_acs_token)" -d '{"value":"very-secret"}' $(dcos config show core.dcos_url)/secrets/v1/secret/default/developer/my-secret -H 'Content-Type: application/json'
Creating key/value pair secrets via the DC/OS Enterprise CLI
This procedure describes how to create a key/value pair secret called my-secret
inside the developer
path using the DC/OS Enterprise CLI.
Use
dcos auth login
to log into the CLI. You can find more information about this command in the CLI Reference.Use the following command to create the new secret.
dcos security secrets create --value=top-secret developer/my-secret
Creating secrets from a file via the DC/OS Enterprise CLI
This procedure describes how to use a file to create a secret called my-secret
inside the developer
path using the DC/OS Enterprise CLI.
The contents of the file (referred to below as my-secret.txt
) can be any text value.
NOTE: As of DC/OS 1.10, you can only upload a secret as a file from the DC/OS CLI. The maximum file size for a secret is approximately one MiB, subtracting approximately one KB for the secret store metadata.
Use
dcos auth login
to log into the CLI. You can find more information about this command in the CLI Reference.Use the following command to create the new secret.
dcos security secrets create -f my-secret.txt developer/my-secret
IMPORTANT: The maximum file size for a secret is approximately one MB, subtracting approximately one KB for the secret store metadata.
Creating secrets from a file via the DC/OS UI
This procedure describes how to use a file to create a secret using the DC/OS web interface.
Log in to the DC/OS UI as a user with the
dcos:superuser
permission.Click the Secrets tab on the left hand navigation menu.
Click the + icon in the top right.
Figure 6 - Secrets screen
If you have no current secrets, a Create Secret screen will be displayed. Click on the Create Secret button.
Figure 7 - Create Secret button
In the ID box, provide the name of your secret and its path, if any.
Figure 8 - Create New Secret dialog showing file chosen
Select File as Type.
Click Choose File.
Find and select the file you wish to create a secret from.
Click Create Secret.
Returning to the Secrets screen, you can see that your secret has been deployed.
Figure 9- Secret deployed