Updated on 2025-04-03 GMT+08:00

ccictl create secret generic

Scenario

Create a secret based on a file, directory, or specified literal value.

A secret can contain one or more key-value pairs.

When creating a secret based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key or you want to choose your own, you may specify an alternate key.

When creating a secret based on a directory, each file whose basename is a valid key in the directory will be packaged into the secret. Any directory entries (such as subdirectories, symlinks, devices, pipes) except regular files are ignored.

ccictl create secret generic NAME [--type=string] [--from-file=[key=]source] [--from-literal=key1=value1]

Examples

# Create a secret named my-secret with keys as each file in the bar folder.
ccictl create secret generic my-secret --from-file=path/to/bar

# Create a secret named my-secret with specified keys instead of the names on the disk.
ccictl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-file=ssh-publickey=path/to/id_rsa.pub

# Create a secret named my-secret with key1=supersecret and key2=topsecret.
ccictl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret

# Create a new secret named my-secret using a combination of a file and a literal.
ccictl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-literal=passphrase=topsecret

# Create a new secret named my-secret from env files.
ccictl create secret generic my-secret --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env

Options

--allow-missing-template-keys     Default: true

If the value is true, the error in the template is ignored when a field or mapping key is missing in the template. This option applies only to the Golang and JSONPath output formats.

--append-hash

Append a hash of the secret to its name.

--from-env-file strings

Specify the file path to read lines of key=val pairs to create a secret.

--from-file strings

Key files can be specified using their file path, in which case a default name will be given to them, or optionally with a name and file path, in which case the given name will be used. Specifying a directory will iterate each named file in the directory that is a valid secret key.

--from-literal strings

Specify a key and literal value (for example, mykey=somevalue) to insert in the secret.

-h, --help

Help information for create secret generic

-o, --output string

Output format. The value options include json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, and jsonpath-file.

--save-config

If the value is true, the configuration of the object is saved in its annotation. Otherwise, the annotation remains unchanged. This flag is useful when you want to run the ccictl apply command on the object.

--template string

Template character string or template file path used when -o is set to go-template or go-template-file. The Golang template format is [http://golang.org/pkg/text/template/#pkg-overview].

--type string

Type of the secret to be created

The following ccictl options can also be used in subcommands:

Parent command options