Global Secret
Global Secrets can be used to share sensitive information across users, teams and connected clusters. You can either access shared secrets through the Loft CLI or sync them directly to a project secret.
Example Global Secret
An example Global Secret:
apiVersion: management.loft.sh/v1
kind: SharedSecret
metadata:
  creationTimestamp: null
  name: my-global-secret
  namespace: loft
spec:
  data:
    password: cGFzc3dvcmQ=
  description: Secret Data is base64 encoded.
  displayName: My Global Secret
status: {}
Global Secret Reference
kind
required string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

apiVersion
required string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

metadata
required object

spec
required object

status
required object

Retrieve: Global Secrets
You can either use curl or kubectl to retrieve Global Secrets.
- kubectl
- curl
Retrieve a list of Global Secrets
Run the following command to list all Global Secrets in namespace loft:
kubectl get sharedsecrets.management.loft.sh -n loft -o yaml
Retrieve a single Global Secret by name
Run the following kubectl command to get Global Secret my-global-secret in namespace loft:
kubectl get sharedsecrets.management.loft.sh my-global-secret -n loft -o yaml
Retrieve a list of Global Secrets
Run the following curl command to list all Global Secrets in namespace loft:
curl -s "https://$LOFT_DOMAIN/kubernetes/management/apis/management.loft.sh/v1/namespaces/loft/sharedsecrets" \
-X GET --insecure \
-H "Authorization: Bearer $ACCESS_KEY"
Get a single Global Secret by name
Run the following curl command to get Global Secret my-global-secret in namespace loft:
# Replace my-global-secret in the url below with the name of the Global Secret
curl -s "https://$LOFT_DOMAIN/kubernetes/management/apis/management.loft.sh/v1/namespaces/loft/sharedsecrets/my-global-secret" \
-X GET --insecure \
-H "Authorization: Bearer $ACCESS_KEY"
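The curl calls on this page pass --insecure, which turns off TLS certificate verification, and put the bearer token on the command line. As an added example (not from the Loft documentation), the same GET request issued through a curl config file with verification left on; LOFT_CA_FILE and the function names are assumptions of this example.

```shell
# Added example, not from the Loft docs. LOFT_DOMAIN and ACCESS_KEY are the
# page's variables; LOFT_CA_FILE (hypothetical) names the PEM bundle of the CA
# that issued the Loft certificate. Leave it unset to use the system trust store.

# Write a curl config for one API path and print the config file's name.
loft_curl_config() {
  api_path=$1   # e.g. namespaces/loft/sharedsecrets/my-global-secret
  cfg=$(mktemp) || return 1          # mktemp creates the file with mode 0600
  {
    printf 'url = "https://%s/kubernetes/management/apis/management.loft.sh/v1/%s"\n' \
      "$LOFT_DOMAIN" "$api_path"
    # printf is a shell builtin and the token goes into the file, so the
    # token never appears in a process argument list.
    printf 'header = "Authorization: Bearer %s"\n' "$ACCESS_KEY"
    if [ -n "${LOFT_CA_FILE:-}" ]; then
      printf 'cacert = "%s"\n' "$LOFT_CA_FILE"
    fi
    printf 'silent\nfail\n'          # no "insecure" option: verification stays on
  } > "$cfg"
  printf '%s\n' "$cfg"
}

# GET one path; the config file is removed whether or not the request succeeds.
loft_get() {
  cfg=$(loft_curl_config "$1") || return 1
  rc=0
  curl --config "$cfg" || rc=$?
  rm -f "$cfg"
  return "$rc"
}
```

Call it as loft_get namespaces/loft/sharedsecrets/my-global-secret; with the fail option set, curl exits non-zero on an HTTP error status instead of printing the error body.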
Create: Global Secret
You can either use curl or kubectl to create a new Global Secret.
- kubectl
- curl
Create a file object.yaml with the following contents:
apiVersion: management.loft.sh/v1
kind: SharedSecret
metadata:
  creationTimestamp: null
  name: my-global-secret
  namespace: loft
spec:
  data:
    password: cGFzc3dvcmQ=
  description: Secret Data is base64 encoded.
  displayName: My Global Secret
status: {}
Then create the Global Secret my-global-secret in namespace loft with:
kubectl create -f object.yaml -n loft
Create a file object.yaml with the following contents:
apiVersion: management.loft.sh/v1
kind: SharedSecret
metadata:
  creationTimestamp: null
  name: my-global-secret
  namespace: loft
spec:
  data:
    password: cGFzc3dvcmQ=
  description: Secret Data is base64 encoded.
  displayName: My Global Secret
status: {}
Run the following curl command to create a new Global Secret my-global-secret in namespace loft:
curl -s -X POST --insecure \
"https://$LOFT_DOMAIN/kubernetes/management/apis/management.loft.sh/v1/namespaces/loft/sharedsecrets" \
--data-binary "$(cat object.yaml)" \
-H "Content-Type: application/yaml" \
-H "Authorization: Bearer $ACCESS_KEY"
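The values under spec.data must be base64 of the exact secret bytes, and a stray trailing newline from echo silently changes the secret. As an added example (not from the Loft documentation), a generator for the manifest above from plaintext KEY=VALUE pairs; the function names and the restriction on key characters are assumptions of this example.

```shell
# Added example, not from the Loft docs. Function names are this example's own.

# Base64-encode exactly the bytes of $1. printf adds no trailing newline
# (echo would, and the newline would become part of the secret); tr removes
# the line wraps some base64 implementations insert into long output.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# shared_secret_manifest NAME NAMESPACE KEY=VALUE [KEY=VALUE...]
# Prints a SharedSecret manifest shaped like the one on this page.
shared_secret_manifest() {
  name=$1
  namespace=$2
  shift 2
  printf 'apiVersion: management.loft.sh/v1\nkind: SharedSecret\n'
  printf 'metadata:\n  name: %s\n  namespace: %s\n' "$name" "$namespace"
  printf 'spec:\n  data:\n'
  for pair in "$@"; do
    case $pair in
      *=*) key=${pair%%=*}; value=${pair#*=} ;;   # split at the first "="
      *) echo "expected KEY=VALUE" >&2; return 1 ;;
    esac
    # Constraint of this example: keys limited to letters, digits, ".", "_", "-".
    case $key in
      ''|*[!A-Za-z0-9._-]*) echo "unsupported key: $key" >&2; return 1 ;;
    esac
    printf '    %s: %s\n' "$key" "$(b64 "$value")"
  done
  printf 'status: {}\n'
}

# Constructed sample input: reproduces the page's "password: cGFzc3dvcmQ=".
shared_secret_manifest my-global-secret loft password=password
```

The output can be piped straight to kubectl create -f - -n loft, so no object.yaml holding the secret is left on disk.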
Update: Global Secret
You can either use curl or kubectl to update Global Secrets.
- kubectl
- curl
Update Global Secret
Run the following command to update Global Secret my-global-secret in namespace loft:
kubectl edit sharedsecrets.management.loft.sh my-global-secret -n loft
Then edit the object and upon save, kubectl will update the resource.
Patch Global Secret
Patching a resource is useful if you want to change only a small portion of the object instead of retrieving the whole object first and then modifying it. To learn more about patches in Kubernetes, please take a look at the official docs.
Run the following kubectl command to add a new annotation my-annotation: my-value to the Global Secret my-global-secret in namespace loft via a patch:
kubectl patch sharedsecrets.management.loft.sh my-global-secret -n loft \
--type json \
-p '[{"op": "add", "path": "/metadata/annotations/my-annotation", "value": "my-value"}]'
Update Global Secret
First retrieve the current object into a file object.yaml. This could look like:
apiVersion: management.loft.sh/v1
kind: SharedSecret
metadata:
  creationTimestamp: "2023-04-03T00:00:00Z"
  generation: 12
  name: my-global-secret
  namespace: loft
  resourceVersion: "66325905"
  uid: af5f9f0f-8ab9-4b4b-a595-a95a5921f3c2
spec:
  data:
    password: cGFzc3dvcmQ=
  description: Secret Data is base64 encoded.
  displayName: My Global Secret
status: {}
Run the following curl command to update a single Global Secret my-global-secret in namespace loft:
# Replace the my-global-secret in the url below with the name of the Global Secret you want to update
curl -s "https://$LOFT_DOMAIN/kubernetes/management/apis/management.loft.sh/v1/namespaces/loft/sharedsecrets/my-global-secret" \
-X PUT --insecure \
-H "Content-Type: application/yaml" \
-H "Authorization: Bearer $ACCESS_KEY" \
--data-binary "$(cat object.yaml)"
Patch Global Secret
Patching a resource is useful if you want to change only a small portion of the object instead of retrieving the whole object first and then modifying it. To learn more about patches in Kubernetes, please take a look at the official docs.
Run the following curl command to add a new annotation my-annotation: my-value to the Global Secret my-global-secret in namespace loft via a patch:
# Replace the my-global-secret in the url below with the name of the Global Secret you want to update
curl -s "https://$LOFT_DOMAIN/kubernetes/management/apis/management.loft.sh/v1/namespaces/loft/sharedsecrets/my-global-secret" \
-X PATCH --insecure \
-H "Content-Type: application/json-patch+json" \
-H "Authorization: Bearer $ACCESS_KEY" \
--data '[{"op": "add", "path": "/metadata/annotations/my-annotation", "value": "my-value"}]'
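Two details of the JSON Patch used in the kubectl and curl patch commands above matter in practice: an add operation needs the parent /metadata/annotations to exist already, and an annotation key containing "/" or "~" must be escaped in the path (RFC 6901). As an added example (not from the Loft documentation), helpers that build the patch body with that escaping, plus a merge patch that also works when the object has no annotations yet; the function names are this example's own and values are assumed to be single-line text.

```shell
# Added example, not from the Loft docs. Function names are this example's own.

# RFC 6901: inside one path segment "~" becomes "~0" and "/" becomes "~1".
# "~" must be replaced first so the "~1" produced for "/" is not re-escaped.
json_pointer_escape() {
  printf '%s' "$1" | sed -e 's/~/~0/g' -e 's#/#~1#g'
}

# Minimal JSON string escaping (backslash and double quote only).
json_string_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# JSON Patch body (--type json, application/json-patch+json).
# Fails server-side if the object has no metadata.annotations map yet.
annotation_patch() {
  patch_path="/metadata/annotations/$(json_pointer_escape "$1")"
  printf '[{"op": "add", "path": "%s", "value": "%s"}]' \
    "$(json_string_escape "$patch_path")" "$(json_string_escape "$2")"
}

# Merge patch body (--type merge, application/merge-patch+json).
# Creates metadata.annotations when missing; the key needs no pointer escaping.
annotation_merge_patch() {
  printf '{"metadata": {"annotations": {"%s": "%s"}}}' \
    "$(json_string_escape "$1")" "$(json_string_escape "$2")"
}

# Constructed sample: an annotation key with a "/" in it.
annotation_patch example.com/owner team-a
printf '\n'
```

With kubectl, pass the result as -p "$(annotation_patch my-annotation my-value)" together with --type json, or -p "$(annotation_merge_patch my-annotation my-value)" together with --type merge.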
Delete: Global Secret
You can either use curl or kubectl to delete Global Secrets.
- kubectl
- curl
Run the following command to delete Global Secret my-global-secret in namespace loft:
kubectl delete sharedsecrets.management.loft.sh my-global-secret -n loft
Run the following curl command to delete Global Secret my-global-secret in namespace loft:
# Replace the my-global-secret in the url below with the name of the Global Secret you want to delete
curl -s "https://$LOFT_DOMAIN/kubernetes/management/apis/management.loft.sh/v1/namespaces/loft/sharedsecrets/my-global-secret" \
-X DELETE --insecure \
-H "Authorization: Bearer $ACCESS_KEY"