# Secrets
Secrets are used to authenticate access to the cloud provider APIs or store secrets. This is done with the *AWS*, *Cloudflare* and *Oracle Cloud* types. These secrets can then be used for certificates or domains to allow for automated certificates or automated DNS management. When using secrets with pods it's recommended to use the JSON type even for cloud API keys.
### JSON Secrets
JSON secrets allow storing key value pairs in one secret that are easily accessible from pod scripts using the `pci` command. Below is an example JSON secret with 3 values.
This can then be added to a pod by including it in the spec as shown below. The secret organization must match the pods organization.
```yaml
secrets:
- +/secret/api-key
```
Then this secret can be retrieved from the pod using the command below. Newlines were added to the output below for legibility the command will not add newlines to the output.
```sh
[cloud@dev-unit ~]$ sudo pci get +/secret/api-key/data.secret
test
[cloud@dev-unit ~]$ sudo pci get +/secret/test/data.number
34
```
Currently the only supported values are `string, number, boolean and null` this will be improved in future releases. Secrets can be added or modified and will be updated on the IMDS system within 1-5 seconds.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.pritunl.com/kb/cloud/components/secrets.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.