Secrets in SAE map to the Kubernetes Secret resource type. Use the saectl tool to create, view, update, and delete secrets, and manage the YAML configuration for each secret.
Prerequisites
Before you begin, make sure that you have:
Installed the saectl tool
Configured your AccessKey ID, AccessKey secret, and the region where your application is deployed
For setup instructions, see Install and configure the saectl tool.
Create a secret
Create a configuration file named secret.yaml. The following is a sample:

    apiVersion: v1
    data:
      .dockerconfigjson: xxxxxxxx
    kind: Secret
    metadata:
      name: test
      namespace: default
    type: kubernetes.io/dockerconfigjson

The value of .dockerconfigjson must be Base64-encoded. To encode your credentials, run:

    echo -n '<your-credentials>' | base64

In the directory that contains secret.yaml, run the following command to create the secret:

    saectl apply -f secret.yaml

List secrets

    saectl get secret ${secret-name} -n ${namespace}

${secret-name}: The name of the secret. If omitted, all secrets in the namespace are returned.
-n ${namespace}: The namespace ID. If omitted, the default namespace is used.
The output is similar to:

    NAMESPACE   NAME   TYPE                             AGE
    default     test   kubernetes.io/dockerconfigjson   5m

The following table describes the output fields.
| Field | Description |
|---|---|
| NAMESPACE | The namespace where the secret is located. |
| NAME | The name of the secret. |
| TYPE | The type of the secret. |
| AGE | The time elapsed since the secret was created. |
View secret details
Use the get or describe command to retrieve the full configuration of a secret.
Using the get command

    saectl get secret ${secret-name} -o {yaml | json} -n ${namespace}

${secret-name}: The name of the secret.
-o {yaml | json}: The output format.
-n ${namespace}: The namespace ID. If omitted, the default namespace is used.
The output is similar to (YAML format):

    apiVersion: v1
    data:
      .dockerconfigjson: xxxxxxxx
    kind: Secret
    metadata:
      name: test
      namespace: default
      uid: <secret-uid>
    type: kubernetes.io/dockerconfigjson

Using the describe command

    saectl describe secret ${secret-name} -n ${namespace}

${secret-name}: The name of the secret.
-n ${namespace}: The namespace ID. If omitted, the default namespace is used.
Update a secret
Use the edit command to update a secret inline, or the apply command to update it from a file.
Edit inline using the edit command
Run the following command to open the secret configuration in a YAML editor:

    saectl edit secret ${secret-name} -n ${namespace}

The metadata.name, metadata.namespace, metadata.creationTimestamp, and type fields cannot be updated.

The editor displays the current configuration, similar to:

    apiVersion: v1
    data:
      .dockerconfigjson: xxxxxxxx
    kind: Secret
    metadata:
      name: test
      namespace: default
      uid: <secret-uid>
    type: kubernetes.io/dockerconfigjson

Modify the data field with your new Base64-encoded value. Save and close the file. The changes take effect immediately.
Update from a file using the apply command
Base64-encode your new credentials:

    echo -n '<your-new-credentials>' | base64

Open secret.yaml and replace the .dockerconfigjson value with the new Base64-encoded string.

In the directory that contains secret.yaml, run:

    saectl apply -f secret.yaml

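The following is an added example, not part of the SAE documentation, that builds secret.yaml for the create and update procedures above. It assumes that `<your-credentials>` is the standard Docker config JSON (`{"auths": ...}`) used by kubernetes.io/dockerconfigjson secrets; the function names, registry, and credentials are constructed for illustration.

```shell
#!/bin/sh
# Added example: build secret.yaml for a kubernetes.io/dockerconfigjson secret.

# Base64 on a single line: GNU base64 wraps output at 76 columns, which would
# break the YAML scalar, so strip newlines portably.
b64() { base64 | tr -d '\n'; }

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# Emit the Docker config JSON (assumed layout: {"auths":{<registry>:{...}}}).
docker_config_json() {
  registry=$1 user=$2 pass=$3
  auth=$(printf '%s:%s' "$user" "$pass" | b64)
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$(json_escape "$registry")" "$(json_escape "$user")" \
    "$(json_escape "$pass")" "$auth"
}

# Emit a manifest with the same fields as the sample on this page.
render_secret_yaml() {
  name=$1 namespace=$2 payload=$3
  cat <<EOF
apiVersion: v1
data:
  .dockerconfigjson: $payload
kind: Secret
metadata:
  name: $name
  namespace: $namespace
type: kubernetes.io/dockerconfigjson
EOF
}

# Write the manifest readable only by the current user: Base64 is an encoding,
# not encryption, so anyone who can read secret.yaml can recover the password.
write_secret_file() {
  out=$1; shift
  ( umask 077; render_secret_yaml "$@" > "$out" )
}

# Usage with constructed values, followed by: saectl apply -f secret.yaml
# write_secret_file secret.yaml test default \
#   "$(docker_config_json registry.example.com alice 'example-password' | b64)"
```

Delete secret.yaml after applying it, or keep it out of version control, because the file holds the recoverable registry password.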
Delete a secret

    saectl delete secret ${secret-name} -n ${namespace}

${secret-name}: The name of the secret.
-n ${namespace}: The namespace ID. If omitted, the default namespace is used.
YAML configuration items
The following table describes the Kubernetes YAML configuration items for secrets in SAE.
| Configuration item | Description | Constraints |
|---|---|---|
| metadata.name | The name of the secret. | Cannot be updated. |
| metadata.creationTimestamp | The time when the secret was created. | Cannot be updated. |
| metadata.namespace | The namespace where the secret is located. | Cannot be updated. |
| metadata.uid | The unique ID of the secret. | — |
| type | The type of the secret. Fixed value: kubernetes.io/dockerconfigjson. | Required when creating. Cannot be updated. |
| data | The key-value pairs of the secret. The value must be Base64-encoded. Format: .dockerconfigjson: xxxxxxxx | Required when creating. |