`secret-add`¶

Summary¶

Adds a new secret.

Usage¶

secret-add [options] <key>[#base64]=<value> ...

Options¶

Flag	Default	Usage
`--description`		Specifies the secret description.
`--expire`		Specifies either a duration or time when the secret should expire.
`--file`		Specifies a YAML file containing secret key values.
`--label`		Specifies a label used to identify the secret in hooks.
`--owner`	application	Specifies the owner of the secret, either the application or unit.
`--rotate`		Specifies the secret rotation policy.

Examples¶

secret-add token=34ae35facd4
secret-add key#base64=AA==
secret-add key#file=/path/to/file another-key=s3cret
secret-add --owner unit token=s3cret 
secret-add --rotate monthly token=s3cret 
secret-add --expire 24h token=s3cret 
secret-add --expire 2025-01-01T06:06:06 token=s3cret 
secret-add --label db-password \
    --description "my database password" \
    data#base64=s3cret== 
secret-add --label db-password \
    --description "my database password" \
    --file=/path/to/file

Details¶

Add a secret with a list of key values.

If a key has the #base64 suffix, the value is already in base64 format and no encoding will be performed, otherwise the value will be base64 encoded prior to being stored.

If a key has the #file suffix, the value is read from the corresponding file.

By default, a secret is owned by the application, meaning only the unit leader can manage it. Use --owner unit to create a secret owned by the specific unit which created it.

secret-add¶