Container Secrets

A secret is an object that contains a small amount of sensitive data such as a password, token, or key.

---

Accessing Container Secrets

1. After logging into CHAI™, click on the project where you want to update container secrets, then click Cruize.

   

2. Click on the blueprint version count on the blueprint card. After clicking the count, the blueprint versions page will be displayed, which contains a list of blueprint versions.

   

3. Then deployment definition page will be opened, now go to Containers tab. Select container and then go to Secrets tab as shown in the below image.

4. Click on the View configurations kebab menu option or click on the blueprint version name to view blueprint configurations. Go to the Deployments tab and click Edit deployment definition from the Action column of any deployment.

5. The deployment definition page will open. Now go to the Containers tab. Select a container, then go to the Secrets tab as shown in the image below.

   

---

Add Secret

There are two ways to add a secret:

1. Adding a New Secret

1. Click the Add New Secret button from the Secrets tab. A form will be displayed to add a secret as shown in the image below.

   

2. Add a secret by providing the following details:

   Field	Description
   Secret name	Enter the secret name
   Referenced as	Default selected is "Env", change as applicable
   Input type	Select applicable input type (Text-based / File-based)
   Add Text/File Data	Based on input type, provide key values using text data or by uploading a file for the value
   Labels and Annotations	Optional - Add labels and annotations here
   Secret Type	There are 5 different secret types. Default selected is "Opaque". Enter secrets data based on the selected secret type.

---

Secret Name

Naming requirements: - Only lowercase alphanumeric characters, hyphens (-), or periods (.) are allowed - Must start and end with an alphanumeric character - Maximum 253 characters allowed - Name must be unique

---

Referenced As

There are two options for "Referenced as":

Env: - For Env, provide text-based secret data

Volume Mount: - For Volume Mount, provide secret data using text-based or file-based input - Provide data based on the selected secret type - For Volume Mount, provide the following details: - Mount path: Enter the mount path, which should start with '/' - Subpath: Optional - Subpath key: Also optional, but if subpath is entered, then subpath key is mandatory

---

Secret Type

There are 5 secret types available:

1. Opaque: For opaque type secrets, provide key-value pair data.
2. kubernetes.io/basic-auth: For kubernetes.io/basic-auth, provide username and password.
3. kubernetes.io/ssh-auth: For kubernetes.io/ssh-auth, provide ssh-privatekey.
4. kubernetes.io/tls: For kubernetes.io/tls, provide TLS certificate and key.
5. kubernetes.io/dockerconfigjson: For kubernetes.io/dockerconfigjson, provide Docker config JSON.

Important Note:
Provide secret data either using text-based input or file-based input (only available for "Referenced as" Volume Mount).

---

Labels & Annotations

Click here to learn more about labels and annotations.

---

1. Provide all details and click the Save button.

   

---

2. Add from Shareable Secret

Prerequisites: To add a secret from the shareable secret list, first create a shared secret in the blueprint. Click here to learn more about adding shared secrets.

1. Click the Add from Shareable Secrets button as shown in the image below.

   

2. After clicking the button, the shared secret list will be displayed as shown in the image below.

   

3. Select secret(s) from the list and click Save. All the selected secrets will be listed as shown in the image below.

   

---

View Secrets Labels and Annotations

To view secret labels & annotations:

• Click the View icon from the actions column in the secrets table as shown in the image below.

  

---

Edit Secrets

1. Click the Edit icon from the actions column in the secrets table to edit secret details as shown in the image below.

   

2. This will open a form with data to edit. After editing, click the Update button to save the changes.

   

   Note: In edit secret, data values are shown in ****** format for security purposes.

Note: If a secret is added from the shareable option, it cannot be edited. In that case, the edit option is disabled as shown in the image below.

---

Delete Secret

To delete a secret:

• Click the Delete icon from the actions column of the secrets table as shown in the image below.

  

Note: If a secret is added from the shareable option and is deleted, it will be removed only from the container's secret list.