How to manage secrets

tmihoc · 24 October 2022 14:33

See also: Secret

Charms can use relations to share secrets, such as API keys, a database’s address, credentials and so on. This document demonstrates how to interact with them as a Juju user.

The write operations are only available (a) starting with Juju 3.3 and (b) to model admin users looking to manage user-owned secrets. See more: Secret.

Contents:

Add a secret
View all the available secrets
View details about a secret
Grant access to a secret
Update a secret
Remove a secret

Add a secret

To add a secret, run the add-secret command followed by a secret name and a (space-separated list of) key-value pair(s). For example:

juju add-secret dbpassword foo=bar

The command also allows you to specify the type of key, whether you want to supply its value from a file, whether you want to give it a label, etc.

See more: juju add-secret

View all the available secrets

To view all the secrets available in a model, run:

juju secrets

You can also add options to specify an output format, a model other than the current model, an owner, etc.

See more: juju secrets

View details about a secret

See also: juju show-secret

To drill down into a secret, run the show-secret command followed by the secret name or ID. For example:

juju show-secret 9m4e2mr0ui3e8a215n4g

You can also add options to specify the format, the revision, whether to reveal the value of a secret, etc.

Grant access to a secret

To grant a secret to an application, run the grant-secret command followed by the secret name or ID and by the name of the application. For example:

juju grant-secret dbpassword mysql

See more: juju grant-secret

Update a secret

This feature is opt-in because Juju automatically removing secret content might result in data loss.

To update a secret, run the update-secret command followed by the secret ID and the updated (space-separated list of) key-value pair(s). For example:

juju update-secret secret:9m4e2mr0ui3e8a215n4g token=34ae35facd4

See more: juju update-secret

Remove a secret

To remove all the revisions of a secret, run the remove-secret command followed by the secret ID. For example:

juju remove-secret  secret:9m4e2mr0ui3e8a215n4g

The command also allows you to specify a model or to provide a specific revision to remove instead of the default all.

See more: juju remove-secret

Contributors: @kelvin.liu , @wallyworld