Fuzzball Documentation

Adding Secrets

Credentials can be added as account or user scoped secrets. These credentials can be used to access resources such as containers in a private OCI registry or input files stored in an S3 bucket.

Please select either the GUI or CLI tab to see the appropriate instructions for your environment.

Once you have logged in and selected an account, you can create a secret by first navigating to the secrets page using the navigation bar on the left side of the page. The image below shows that user bphan@ciq.co is logged in and account SA has been selected.

User logged in and account selected

Navigating to the secrets page shows a list of account and user scoped secrets which have already been created. You can create a new secret by clicking the Add Secret button in the top right.

Secrets Page

Fuzzball enables you to create secrets at the user or account scope. You can select your desired scope at the top of the menu. In the image below, we are creating a user scoped secret.

Next, give your secret a name and select the type of secret you’d like to create. In the example below, the secret being created is named my-user-s3-secret and its type is set to S3 using the drop-down. Once your secret type is selected, the required fields for the secret should render for you to fill in. In the example below, we are filling in the fields access key ID, access key, region, and endpoint. The S3 session token is an optional field: it is a temporary credential that is returned along with an access key ID and a secret access key when an Amazon Web Services (AWS) account or IAM user requests temporary security credentials from AWS Security Token Service (AWS STS).

Once all the required fields are filled in, you can create the S3 secret by clicking Add at the bottom right of the menu.

Fill in menu

In this example, after S3 secret my-user-s3-secret is created, it should be appended to the list of secrets within your account.

New secret created

Once you have created an appropriate secret YAML file, adding the secret to the cluster can be done like so:

$ fuzzball secret create -f value-test.yaml -s user DCG_VALUE_TEST
Created secret: 493b9c67-dedf-4138-84ac-b54dd7613699

$ fuzzball secret list
ID                                   | NAME                             | REFERENCE                                              | CREATED TIME          | LAST UPDATED          | SCOPE        | TYPE  | PRIVATE
493b9c67-dedf-4138-84ac-b54dd7613699 | DCG_VALUE_TEST                   | secret://user/DCG_VALUE_TEST                           | 2024-06-17 04:57:08PM | 2024-06-17 04:57:08PM | user         | value | No

If you want to add a secret with account scope instead of user scope (and you have the permissions to do so), simply change the -s user to -s account like so:

$ fuzzball secret create -f value-test.yaml -s account SA_VALUE_TEST
Created secret: f0bea820-c2a2-4a2f-b738-649f8a494150

$ fuzzball secret list
ID                                   | NAME                             | REFERENCE                                              | CREATED TIME          | LAST UPDATED          | SCOPE        | TYPE  | PRIVATE
493b9c67-dedf-4138-84ac-b54dd7613699 | DCG_VALUE_TEST                   | secret://user/DCG_VALUE_TEST                           | 2024-06-17 04:57:08PM | 2024-06-17 04:57:08PM | user         | value | No
f0bea820-c2a2-4a2f-b738-649f8a494150 | SA_VALUE_TEST                    | secret://account/SA_VALUE_TEST                         | 2024-06-17 04:57:57PM | 2024-06-17 04:57:57PM | account      | value | No

If you want to add a secret with account scope, you must be using the proper account. If you have currently selected your user account, your secret will simply be added to your user account scope even if you select -s account when adding the secret. You can check which account you are using and change accounts with the fuzzball account list and fuzzball account select commands, respectively.
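
To confirm that a secret landed in the scope you intended (the case described above, where -s account can still produce a user scoped secret), you can check the fuzzball secret list output after creating it. The script below is an added example, not part of the Fuzzball documentation or tooling; the names verify_secret_scope and SAMPLE_LIST are hypothetical, and it assumes the table layout shown in the listings above and that the SCOPE and REFERENCE columns reflect the scope the secret was actually stored under.

```shell
#!/bin/sh
# Added example: check the scope of a named secret in `fuzzball secret list` output.

# Constructed sample input, copied from the listing on this page (column padding
# shortened) so the script runs offline.
SAMPLE_LIST='ID                                   | NAME           | REFERENCE                      | CREATED TIME          | LAST UPDATED          | SCOPE   | TYPE  | PRIVATE
493b9c67-dedf-4138-84ac-b54dd7613699 | DCG_VALUE_TEST | secret://user/DCG_VALUE_TEST   | 2024-06-17 04:57:08PM | 2024-06-17 04:57:08PM | user    | value | No
f0bea820-c2a2-4a2f-b738-649f8a494150 | SA_VALUE_TEST  | secret://account/SA_VALUE_TEST | 2024-06-17 04:57:57PM | 2024-06-17 04:57:57PM | account | value | No'

# verify_secret_scope NAME SCOPE
# Reads the pipe-delimited table on stdin. Exit status:
#   0  a row exists with this NAME, this SCOPE, and REFERENCE secret://SCOPE/NAME
#   1  no such row (secret missing, or stored under a different scope)
#   2  input is empty or the header lacks the NAME/SCOPE/REFERENCE columns
verify_secret_scope() {
    awk -F'|' -v name="$1" -v scope="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NR == 1 {
            # Locate columns by header text instead of hard-coding positions.
            for (i = 1; i <= NF; i++) col[trim($i)] = i
            if (!("NAME" in col) || !("SCOPE" in col) || !("REFERENCE" in col)) {
                bad = 1
                exit
            }
            next
        }
        trim($(col["NAME"])) == name &&
        trim($(col["SCOPE"])) == scope &&
        trim($(col["REFERENCE"])) == "secret://" scope "/" name { found = 1 }
        END {
            if (bad || NR == 0) exit 2
            exit(found ? 0 : 1)
        }
    '
}

# Demonstration on the constructed sample.
if printf '%s\n' "$SAMPLE_LIST" | verify_secret_scope SA_VALUE_TEST account; then
    echo "SA_VALUE_TEST is stored with account scope"
else
    echo "SA_VALUE_TEST is NOT stored with account scope" >&2
fi
```

Against a live cluster, pipe the real listing into the function instead of the sample: fuzzball secret list | verify_secret_scope SA_VALUE_TEST account.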