All Products
Document Center

Update a service secret

Last Updated: Feb 06, 2018

You cannot change the data contained in a created secret. Therefore, if your secret is disclosed or you want to use new data, you must create a new secret and update the service to use the new secret by changing the application configurations.

Take the application mysqlshort as an example (currently the secrets in use are my_mysql_password_v1 and my_secret_v1).



  1. Log on to the Container Service console and create a new secret my_mysql_password_v2.

    For how to create a secret, see Create a secret.

    Note: The created secret and the application must be in the same cluster.


  2. Update the application configurations to update the secret used by the service.

    For how to change the application configurations, see Change application configurations.

    You can modify the service secret information in one of the following two methods:

    • Modify the secret name and the environment variable MYSQL_ROOT_PASSWORD_FILE.


    • Modify the secret name and set target to my_mysql_password_v1.


      Then, files with the secret my_mysql_password_v2 will be mounted to /run/secrets/my_mysql_password_v1 and you do not need to modify the environment variable MYSQL_ROOT_PASSWORD_FILE.

Subsequent operations

After removing the secret my_mysql_password_v1 from the service, you can delete the secret in the Container Service console. For more information, see Delete a secret.