Secret events

See also: How to add a secret to your charm

Complete list of secret events

  • secret-changed is emitted to the observer of a secret to notify it that a new revision is available.
  • secret-expired is emitted to the owner of a secret to notify it that the expiration time has been hit and a new revision should be created.
  • secret-remove is emitted to the owner of a secret to notify it that all observers have updated to a new revision and the old revision can be safely removed.
  • secret-rotate is emitted to the owner of a secret to notify it that the rotation time has elapsed and a new revision should be created.

Secret event triggers

Secret events can’t be directly triggered by Juju admin operations. Most other events occur because someone did something on the Juju CLI (created a relation, scaled something down, and so on); secret events are, however, exclusively triggered either by charm code or an internal Juju timeout (similar to update-status).
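A simplified model of when each of the four events above fires and who receives it, added here as an illustration and not taken from Juju or ops. The class, its method names, the numeric clock and the unit names are assumptions, and the payloads are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class SecretModel:
    """Toy model of one secret's events; names and clock are assumptions, not Juju code."""
    owner: str
    rotate_every: Optional[float] = None   # seconds; None models the "never" policy
    expire_at: Optional[float] = None
    revisions: dict = field(default_factory=dict)  # revision number -> payload
    tracked: dict = field(default_factory=dict)    # observer -> revision it last read
    last_rotated: float = 0.0

    def set_content(self, payload, now=0.0):
        """Charm code on the owner publishes a new revision."""
        rev = max(self.revisions, default=0) + 1
        self.revisions[rev] = dict(payload)
        self.last_rotated = now
        # Observers still tracking an older revision are told a new one exists.
        return [("secret-changed", o) for o, seen in sorted(self.tracked.items()) if seen < rev]

    def get_content(self, observer, refresh=False):
        """An observer keeps reading its tracked revision until it refreshes."""
        before = self.tracked.get(observer)
        if before is None or refresh:
            self.tracked[observer] = max(self.revisions)
        now_on, events = self.tracked[observer], []
        # Once no observer tracks the old revision, the owner may remove it.
        if before not in (None, now_on) and before not in self.tracked.values():
            events.append(("secret-remove", self.owner, before))
        return self.revisions[now_on], events

    def tick(self, now):
        """Juju-internal timeouts; both events go to the owner."""
        events = []
        if self.rotate_every is not None and now - self.last_rotated >= self.rotate_every:
            events.append(("secret-rotate", self.owner))
        if self.expire_at is not None and now >= self.expire_at:
            events.append(("secret-expired", self.owner))
        return events

def demo():
    """Constructed scenario: one owner unit, two observer units."""
    s = SecretModel(owner="db/0", rotate_every=3600)
    trace = s.set_content({"password": "constructed-v1"})      # no observers yet
    for unit in ("web/0", "web/1"):
        s.get_content(unit)                                     # first read tracks revision 1
    trace += s.tick(now=3600)                                   # rotation time elapsed
    trace += s.set_content({"password": "constructed-v2"}, now=3600)
    trace += s.get_content("web/0", refresh=True)[1]            # web/1 still on revision 1
    trace += s.get_content("web/1", refresh=True)[1]            # revision 1 now unused
    return trace
```

In the model, an observer that never refreshes keeps reading the old payload, and secret-remove for that revision is never produced, so the superseded credential stays live until every observer has moved on.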

Secret events in ops

In ops, all secret events inherit from ops.charm.SecretEvent, which has a secret attribute that provides the Secret instance this event refers to. The Secret object has various attributes and methods that can be used to interact with the secret – see the API reference for details.

Great writeup @ppasotti.

Here’s something I drafted while reading the spec. Perhaps we could fit it in somewhere.

Concepts

| Concept | Hook tools | Events | Juju commands |
|---|---|---|---|
| Life cycle | secret-add, secret-set, secret-remove | secret-changed, secret-expired, secret-rotate, secret-remove | |
| Access control | secret-grant, secret-revoke | | |
| Payload | secret-set, secret-get | secret-changed | show-secret |
| Identity | | | |

Table view

Secrets

| Fieldname | Possible values |
|---|---|
| Id | (xid) |
| Description | (string) |
| Last update | |
| Expiry time | Duration (“30d”) or RFC3339 |
| Rotation policy | never (default), hourly, daily, weekly, monthly, quarterly, yearly |
| Latest revision | (uint) |
| Owner (aka scope?) | app (default), unit, relation |
| Label | (string) |
| Payload | {k: v} |

Last read revision

| Fieldname | Possible values |
|---|---|
| Id | (xid) |
| Consumer | (string) |
| Last read revision | (uint) |

We should go through this next week, I’m not 100% sure where it would fit. Maybe with @tmihoc?

Updated with the latest terminology and API changes, as well as various style tweaks.