Secrets

Secrets are used to authenticate access to the cloud provider APIs or store secrets. This is done with the AWS, Cloudflare and Oracle Cloud types. These secrets can then be used for certificates or domains to allow for automated certificates or automated DNS management. When using secrets with pods it's recommended to use the JSON type even for cloud API keys.

JSON Secrets

JSON secrets allow storing key value pairs in one secret that are easily accessible from pod scripts using the pci command. Below is an example JSON secret with 3 values.

This can then be added to a pod by including it in the spec as shown below. The secret organization must match the pods organization.

secrets:
    - +/secret/api-key

Then this secret can be retrieved from the pod using the command below. Newlines were added to the output below for legibility the command will not add newlines to the output.

[cloud@dev-unit ~]$ sudo pci get +/secret/api-key/data.secret
test
[cloud@dev-unit ~]$ sudo pci get +/secret/test/data.number
34

Currently the only supported values are string, number, boolean and null this will be improved in future releases. Secrets can be added or modified and will be updated on the IMDS system within 1-5 seconds.