Serverless App Engine: Manage secrets using the saectl tool

Last Updated: Jan 15, 2026

Secrets in SAE correspond to the Kubernetes Secret resource type. This topic describes how to use the saectl tool to manage secrets and provides sample Kubernetes YAML configuration files.

Prerequisites

The saectl tool is installed. You have also configured your AccessKey ID, AccessKey secret, and the region where your application is deployed. For more information, see Install and configure the saectl tool.

Manage secrets

You can use the saectl tool to create, view, update, and delete secrets.

Create a secret

  1. Create a configuration file named secret.yaml. The following code provides a sample. For details about each configuration item, see Kubernetes YAML configuration items.

    apiVersion: v1
    data:
      .dockerconfigjson: xxxxxxxx
    kind: Secret
    metadata:
      name: test
      namespace: default
    type: kubernetes.io/dockerconfigjson

  2. In the directory that contains the secret.yaml file, run the following command to create a secret for the application.

    saectl apply -f secret.yaml
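
One way to produce the Base64 value for .dockerconfigjson and the secret.yaml file from step 1, as an added example that is not part of the SAE documentation. It assumes the standard Docker config JSON layout carried by kubernetes.io/dockerconfigjson secrets; REGISTRY, REG_USER and REG_PASS are hypothetical environment variables, and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not from the SAE documentation): build secret.yaml.
# REGISTRY, REG_USER and REG_PASS are hypothetical environment variables.
set -eu

# Single-line Base64; GNU base64 wraps long output, which would break the YAML.
b64() { base64 | tr -d '\n'; }

# Escape backslashes and double quotes so a value is a valid JSON string.
# Assumption: values contain no control characters.
json_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# Print the Docker config JSON carried by a kubernetes.io/dockerconfigjson secret.
docker_config_json() {
  local registry="$1" user="$2" pass="$3" auth
  auth=$(printf '%s:%s' "$user" "$pass" | b64)
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$(json_escape "$registry")" "$(json_escape "$user")" \
    "$(json_escape "$pass")" "$auth"
}

# Write the manifest from step 1 with the encoded value filled in.
write_secret_yaml() {
  local out="$1" name="$2" namespace="$3" encoded
  encoded=$(docker_config_json "$REGISTRY" "$REG_USER" "$REG_PASS" | b64)
  (
    umask 077  # a newly created file is readable by its owner only
    cat > "$out" <<EOF
apiVersion: v1
data:
  .dockerconfigjson: $encoded
kind: Secret
metadata:
  name: $name
  namespace: $namespace
type: kubernetes.io/dockerconfigjson
EOF
  )
}

# Decode the stored value again to confirm that it round-trips.
decode_secret_yaml() { sed -n 's/^  \.dockerconfigjson: //p' "$1" | base64 -d; }

# Runs only when credentials are supplied through the environment.
if [ -n "${REG_PASS:-}" ]; then
  write_secret_yaml secret.yaml test default
  decode_secret_yaml secret.yaml >/dev/null && echo "secret.yaml written"
fi
```

Base64 is an encoding, not encryption: anyone who can read secret.yaml, or the output of saectl get secret with -o yaml, can decode the registry credentials. Keep the file out of version control and remove it once the secret has been applied.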

View a list of secrets

    saectl get secret ${secret-name} -n ${namespace}
    # ${secret-name} is the name of the secret. If you do not specify a name, all secrets in the scope are returned.
    # ${namespace} is the namespace ID. If you do not specify a namespace using the -n parameter, the default namespace is used.

The following table describes the output fields.

| Field | Description |
| --- | --- |
| NAMESPACE | The namespace where the secret is located. |
| NAME | The name of the secret. |
| TYPE | The type of the secret. |
| AGE | The age of the secret. |

View secret details

You can use the get or describe command to view the details of a secret. The output contains the configuration items of the secret. For more information, see Kubernetes YAML configuration items.

View the secret configuration using the get command

    saectl get secret ${secret-name} -o {yaml | json} -n ${namespace}
    # ${secret-name} is the name of the secret.
    # The -o parameter specifies the format of the output.
    # ${namespace} is the namespace ID. If you do not specify a namespace using the -n parameter, the default namespace is used.

View secret details using the describe command

    saectl describe secret ${secret-name} -n ${namespace}
    # ${secret-name} is the name of the secret.
    # ${namespace} is the namespace ID. If you do not specify a namespace using the -n parameter, the default namespace is used.

Update a secret

You can use the edit or apply command to update a secret.

Edit the secret configuration online using the edit command

  1. Run the following command. The configuration of the specified secret opens in a YAML file.

    saectl edit secret ${secret-name} -n ${namespace}
    # ${secret-name} is the name of the secret.
    # ${namespace} is the namespace ID. If you do not specify a namespace using the -n parameter, the default namespace is used.

  2. In the YAML file that opens, modify the configuration as needed. Save and close the file, and the changes will take effect.

Update a secret from a YAML file using the apply command

Modify the secret.yaml configuration file. In the directory that contains the file, run the following command to update the secret.

    saectl apply -f secret.yaml

Delete a secret

    saectl delete secret ${secret-name} -n ${namespace}
    # ${secret-name} is the name of the secret.
    # ${namespace} is the namespace ID. If you do not specify a namespace using the -n parameter, the default namespace is used.

Kubernetes YAML configuration items

Secrets in SAE correspond to the Kubernetes Secret resource type. The following table describes the related Kubernetes YAML configuration items.

| Configuration item | Description |
| --- | --- |
| metadata.name | The name of the secret. This configuration item cannot be updated. |
| metadata.creationTimestamp | The time when the secret was created. This configuration item cannot be updated. |
| metadata.namespace | The namespace where the secret is located. This configuration item cannot be updated. |
| metadata.uid | The ID of the secret. |
| type | The type of the secret. This configuration item is a static field. The value is kubernetes.io/dockerconfigjson. This configuration item is required when you create a secret. This configuration item cannot be updated. |
| data | The key-value pairs of the secret, in the format shown after this table. This configuration item is required when you create a secret. |

Format of the data configuration item:

    data:
      .dockerconfigjson: xxxxxx # The value must be Base64-encoded.