Fuzzball Documentation

Adding Secrets

Credentials can be added as group or user scoped secrets. These credentials can be used to access resources such as containers in a private OCI registry or input files stored in an S3 bucket.

Please select either the web UI or CLI tab to see the appropriate instructions for your environment.
SIF image decryption secrets can currently only be created using the CLI.

Once you have logged in and selected an account, you can create a secret by first navigating to the secrets page using the navigation bar on the left side of the page. The image below shows that user bphan@ciq.co is logged in and group SA has been selected.

User logged in and group selected

Navigating to the secrets page shows a list of group and user scoped secrets which have already been created. You can create a new secret by clicking the Add Secret button in the top right.

Secrets Page

Fuzzball enables you to create secrets at the user or group scope. You can select your desired scope at the top of the menu. In the image below, we are creating a user scoped secret.

Next, you can give your secret a name and select the type of secret you’d like to create. In the example below, the secret being created is named my-user-s3-secret and its type is set to S3 using the drop down. Once your secret type is selected, the required fields for the secret should render for you to fill in. In the example below, we are filling in the fields access key ID, access key, region, and endpoint.

The S3 session token is an optional field. It is a temporary credential that’s returned along with an access key ID and a secret access key when an Amazon Web Services (AWS) account or IAM user requests temporary security credentials from AWS Security Token Service (AWS STS).

Once all the required fields are filled in, you can create the S3 secret by clicking Add at the bottom right of the menu.

Fill in menu

In this example, after S3 secret my-user-s3-secret is created, it should be appended to the list of secrets within your group.

New secret created

Once you have created an appropriate secret YAML file, adding the secret to the cluster can be done like so:

$ fuzzball secret create -f value-test.yaml -s user DCG_VALUE_TEST
Created secret: 493b9c67-dedf-4138-84ac-b54dd7613699

$ fuzzball secret list
ID                                   | NAME                             | REFERENCE                                              | CREATED TIME          | LAST UPDATED          | SCOPE        | TYPE  | PRIVATE
493b9c67-dedf-4138-84ac-b54dd7613699 | DCG_VALUE_TEST                   | secret://user/DCG_VALUE_TEST                           | 2024-06-17 04:57:08PM | 2024-06-17 04:57:08PM | user         | value | No

If you want to add a secret with group scope instead of user scope (and you have the permissions to do so) simply change the -s user to -s group like so:

$ fuzzball secret create -f value-test.yaml -s group SA_VALUE_TEST
Created secret: f0bea820-c2a2-4a2f-b738-649f8a494150

$ fuzzball secret list
ID                                   | NAME                             | REFERENCE                                              | CREATED TIME          | LAST UPDATED          | SCOPE        | TYPE  | PRIVATE
493b9c67-dedf-4138-84ac-b54dd7613699 | DCG_VALUE_TEST                   | secret://user/DCG_VALUE_TEST                           | 2024-06-17 04:57:08PM | 2024-06-17 04:57:08PM | user         | value | No
f0bea820-c2a2-4a2f-b738-649f8a494150 | SA_VALUE_TEST                    | secret://account/SA_VALUE_TEST                         | 2024-06-17 04:57:57PM | 2024-06-17 04:57:57PM | group        | value | No

If you want to add a secret with group scope, you must be using the proper group. If your individual group is currently selected, your secret will simply be added to your personal user scope, even if you pass -s group when adding the secret. You can check which group you are using with the fuzzball group list command and change groups with the fuzzball group select command.
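
Because a group-scoped create can silently land in user scope, it is worth checking the result after every create. The shell functions below are an added example, not part of the Fuzzball documentation or CLI: they take the ID printed by fuzzball secret create and confirm that the SCOPE column of fuzzball secret list matches the requested scope. The function names are hypothetical, the example assumes the SCOPE column reflects the scope actually applied, and the sample input is constructed from the output shown on this page.

```shell
# Added example (not Fuzzball code): confirm a new secret landed in the intended
# scope, using only the CLI output formats shown on this page.

# Constructed sample input, taken from the output above (whitespace compacted).
SAMPLE_CREATE='Created secret: f0bea820-c2a2-4a2f-b738-649f8a494150'
SAMPLE_LIST='ID | NAME | REFERENCE | CREATED TIME | LAST UPDATED | SCOPE | TYPE | PRIVATE
493b9c67-dedf-4138-84ac-b54dd7613699 | DCG_VALUE_TEST | secret://user/DCG_VALUE_TEST | 2024-06-17 04:57:08PM | 2024-06-17 04:57:08PM | user | value | No
f0bea820-c2a2-4a2f-b738-649f8a494150 | SA_VALUE_TEST | secret://account/SA_VALUE_TEST | 2024-06-17 04:57:57PM | 2024-06-17 04:57:57PM | group | value | No'

# created_id: read `fuzzball secret create` output on stdin, print the new ID.
created_id() {
    sed -n 's/^Created secret: *\([0-9a-fA-F-]\{36\}\) *$/\1/p' | head -n 1
}

# secret_scope ID: read `fuzzball secret list` output on stdin and print the
# SCOPE cell of the row with that ID. Columns are located by header name, so
# padding or column order changes do not matter. Exit status 1 if not listed.
secret_scope() {
    awk -F'|' -v id="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        !(idc && sc) {                       # still looking for the header row
            for (i = 1; i <= NF; i++) {
                h = trim($i)
                if (h == "ID") idc = i
                if (h == "SCOPE") sc = i
            }
            next
        }
        !found && trim($idc) == id { print trim($sc); found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# check_secret_scope ID EXPECTED: list table on stdin.
# Returns 0 on match, 1 on wrong scope, 2 if the ID is not in the table.
check_secret_scope() {
    actual=$(secret_scope "$1") || { echo "secret $1 not listed" >&2; return 2; }
    [ "$actual" = "$2" ] && return 0
    echo "secret $1 has scope '$actual', expected '$2'" >&2
    return 1
}

# Demo on the constructed sample.
id=$(printf '%s\n' "$SAMPLE_CREATE" | created_id)
printf '%s\n' "$SAMPLE_LIST" | check_secret_scope "$id" group && echo "$id: scope ok"
# Real use, with a logged-in CLI and the commands from this page:
#   id=$(fuzzball secret create -f value-test.yaml -s group SA_VALUE_TEST | created_id)
#   fuzzball secret list | check_secret_scope "$id" group
```

A non-zero return from check_secret_scope is the signal to run fuzzball group list, select the right group, and recreate the secret.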