See also: Secret
Charms can use relations to share secrets, such as API keys, a database’s address, credentials and so on. This document demonstrates how to interact with them as a Juju user.
The write operations are only available (a) starting with Juju 3.3 and (b) to model admin users looking to manage user-owned secrets. See more: Secret.
- Add a secret
- View all the available secrets
- View details about a secret
- Grant access to a secret
- Update a secret
- Remove a secret
To add a secret, run the
add-secret command followed by a secret name and a (space-separated list of) key-value pair(s). For example:
juju add-secret dbpassword foo=bar
The command also allows you to specify the type of key, whether you want to supply its value from a file, whether you want to give it a label, etc.
To view all the secrets available in a model, run:
You can also add options to specify an output format, a model other than the current model, an owner, etc.
To drill down into a secret, run the
show-secret command followed by the secret name or ID. For example:
juju show-secret 9m4e2mr0ui3e8a215n4g
You can also add options to specify the format, the revision, whether to reveal the value of a secret, etc.
To grant a secret to an application, run the
grant-secret command followed by the secret name or ID and by the name of the application. For example:
juju grant-secret dbpassword mysql
This feature is opt-in because Juju automatically removing secret content might result in data loss.
To update a secret, run the
update-secret command followed by the secret ID and the updated (space-separated list of) key-value pair(s). For example:
juju update-secret secret:9m4e2mr0ui3e8a215n4g token=34ae35facd4
To remove all the revisions of a secret, run the
remove-secret command followed by the secret ID. For example:
juju remove-secret secret:9m4e2mr0ui3e8a215n4g
The command also allows you to specify a model or to provide a specific revision to remove instead of the default all.