1OC CREATE SECRET(1)                June 2016               OC CREATE SECRET(1)
2
3
4

NAME

6       oc create secret generic - Create a secret from a local file, directory
7       or literal value
8
9
10

SYNOPSIS

12       oc create secret generic [OPTIONS]
13
14
15

DESCRIPTION

17       Create a secret based on a file, directory, or specified literal value.
18
19
20       A single secret may package one or more key/value pairs.
21
22
23       When creating a secret based on a file, the key  will  default  to  the
24       basename  of  the file, and the value will default to the file content.
25       If the basename is an invalid key or you wish to chose  your  own,  you
26       may specify an alternate key.
27
28
29       When  creating  a secret based on a directory, each file whose basename
30       is a valid key in the directory will be packaged into the  secret.  Any
31       directory  entries  except  regular files are ignored (e.g. subdirecto‐
32       ries, symlinks, devices, pipes, etc).
33
34
35

OPTIONS

37       --allow-missing-template-keys=true
38           If true, ignore any errors in templates when a field or map key  is
39       missing  in  the  template.  Only applies to golang and jsonpath output
40       formats.
41
42
43       --append-hash=false
44           Append a hash of the secret to its name.
45
46
47       --dry-run=false
48           If true, only print the object that would be sent, without  sending
49       it.
50
51
52       --from-env-file=""
53           Specify the path to a file to read lines of key=val pairs to create
54       a secret (i.e. a Docker .env file).
55
56
57       --from-file=[]
58           Key files can be specified using their file path, in which  case  a
59       default  name will be given to them, or optionally with a name and file
60       path, in which case the given name will be used.  Specifying  a  direc‐
61       tory  will  iterate  each  named  file in the directory that is a valid
62       secret key.
63
64
65       --from-literal=[]
66           Specify  a  key  and  literal  value  to  insert  in  secret  (i.e.
67       mykey=somevalue)
68
69
70       --generator="secret/v1"
71           The name of the API generator to use.
72
73
74       -o, --output=""
75           Output  format. One of: json|yaml|name|template|go-template|go-tem‐
76       plate-file|templatefile|jsonpath|jsonpath-file.
77
78
79       --save-config=false
80           If true, the configuration of current object will be saved  in  its
81       annotation.  Otherwise,  the annotation will be unchanged. This flag is
82       useful when you want to perform kubectl apply on  this  object  in  the
83       future.
84
85
86       --template=""
87           Template  string  or  path  to template file to use when -o=go-tem‐
88       plate, -o=go-template-file. The template format is golang  templates  [
89http://golang.org/pkg/text/template/#pkg-overview⟩].
90
91
92       --type=""
93           The type of secret to create
94
95
96       --validate=false
97           If true, use a schema to validate the input before sending it
98
99
100

OPTIONS INHERITED FROM PARENT COMMANDS

102       --allow_verification_with_non_compliant_keys=false
103           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
104       non-compliant with RFC6962.
105
106
107       --alsologtostderr=false
108           log to standard error as well as files
109
110
111       --application_metrics_count_limit=100
112           Max number of application metrics to store (per container)
113
114
115       --as=""
116           Username to impersonate for the operation
117
118
119       --as-group=[]
120           Group to impersonate for the operation, this flag can  be  repeated
121       to specify multiple groups.
122
123
124       --azure-container-registry-config=""
125           Path  to the file containing Azure container registry configuration
126       information.
127
128
129       --boot_id_file="/proc/sys/kernel/random/boot_id"
130           Comma-separated list of files to check for boot-id. Use  the  first
131       one that exists.
132
133
134       --cache-dir="/builddir/.kube/http-cache"
135           Default HTTP cache directory
136
137
138       --certificate-authority=""
139           Path to a cert file for the certificate authority
140
141
142       --client-certificate=""
143           Path to a client certificate file for TLS
144
145
146       --client-key=""
147           Path to a client key file for TLS
148
149
150       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
151           CIDRs opened in GCE firewall for LB traffic proxy  health checks
152
153
154       --cluster=""
155           The name of the kubeconfig cluster to use
156
157
158       --container_hints="/etc/cadvisor/container_hints.json"
159           location of the container hints file
160
161
162       --containerd="unix:///var/run/containerd.sock"
163           containerd endpoint
164
165
166       --context=""
167           The name of the kubeconfig context to use
168
169
170       --default-not-ready-toleration-seconds=300
171           Indicates   the   tolerationSeconds   of   the    toleration    for
172       notReady:NoExecute  that is added by default to every pod that does not
173       already have such a toleration.
174
175
176       --default-unreachable-toleration-seconds=300
177           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
178       able:NoExecute  that  is  added  by  default to every pod that does not
179       already have such a toleration.
180
181
182       --docker="unix:///var/run/docker.sock"
183           docker endpoint
184
185
186       --docker-tls=false
187           use TLS to connect to docker
188
189
190       --docker-tls-ca="ca.pem"
191           path to trusted CA
192
193
194       --docker-tls-cert="cert.pem"
195           path to client certificate
196
197
198       --docker-tls-key="key.pem"
199           path to private key
200
201
202       --docker_env_metadata_whitelist=""
203           a comma-separated list of environment variable keys that  needs  to
204       be collected for docker containers
205
206
207       --docker_only=false
208           Only report docker containers in addition to root stats
209
210
211       --docker_root="/var/lib/docker"
212           DEPRECATED:  docker  root is read from docker info (this is a fall‐
213       back, default: /var/lib/docker)
214
215
216       --enable_load_reader=false
217           Whether to enable cpu load reader
218
219
220       --event_storage_age_limit="default=24h"
221           Max length of time for which to store events (per type). Value is a
222       comma  separated  list  of  key  values, where the keys are event types
223       (e.g.: creation, oom) or "default" and the value is a duration. Default
224       is applied to all non-specified event types
225
226
227       --event_storage_event_limit="default=100000"
228           Max  number  of  events to store (per type). Value is a comma sepa‐
229       rated list of key values, where the keys are event  types  (e.g.:  cre‐
230       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
231       applied to all non-specified event types
232
233
234       --global_housekeeping_interval=0
235           Interval between global housekeepings
236
237
238       --housekeeping_interval=0
239           Interval between container housekeepings
240
241
242       --insecure-skip-tls-verify=false
243           If true, the server's certificate will not be checked for validity.
244       This will make your HTTPS connections insecure
245
246
247       --kubeconfig=""
248           Path to the kubeconfig file to use for CLI requests.
249
250
251       --log-flush-frequency=0
252           Maximum number of seconds between log flushes
253
254
255       --log_backtrace_at=:0
256           when logging hits line file:N, emit a stack trace
257
258
259       --log_cadvisor_usage=false
260           Whether to log the usage of the cAdvisor container
261
262
263       --log_dir=""
264           If non-empty, write log files in this directory
265
266
267       --logtostderr=true
268           log to standard error instead of files
269
270
271       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
272           Comma-separated  list  of  files  to  check for machine-id. Use the
273       first one that exists.
274
275
276       --match-server-version=false
277           Require server version to match client version
278
279
280       -n, --namespace=""
281           If present, the namespace scope for this CLI request
282
283
284       --request-timeout="0"
285           The length of time to wait before giving  up  on  a  single  server
286       request. Non-zero values should contain a corresponding time unit (e.g.
287       1s, 2m, 3h). A value of zero means don't timeout requests.
288
289
290       -s, --server=""
291           The address and port of the Kubernetes API server
292
293
294       --stderrthreshold=2
295           logs at or above this threshold go to stderr
296
297
298       --storage_driver_buffer_duration=0
299           Writes in the storage driver will be buffered  for  this  duration,
300       and committed to the non memory backends as a single transaction
301
302
303       --storage_driver_db="cadvisor"
304           database name
305
306
307       --storage_driver_host="localhost:8086"
308           database host:port
309
310
311       --storage_driver_password="root"
312           database password
313
314
315       --storage_driver_secure=false
316           use secure connection with database
317
318
319       --storage_driver_table="stats"
320           table name
321
322
323       --storage_driver_user="root"
324           database username
325
326
327       --token=""
328           Bearer token for authentication to the API server
329
330
331       --user=""
332           The name of the kubeconfig user to use
333
334
335       -v, --v=0
336           log level for V logs
337
338
339       --version=false
340           Print version information and quit
341
342
343       --vmodule=
344           comma-separated  list  of pattern=N settings for file-filtered log‐
345       ging
346
347
348

EXAMPLE

350                # Create a new secret named my-secret with keys for each file in folder bar
351                oc create secret generic my-secret --from-file=path/to/bar
352
353                # Create a new secret named my-secret with specified keys instead of names on disk
354                oc create secret generic my-secret --from-file=ssh-privatekey= /.ssh/id_rsa --from-file=ssh-publickey= /.ssh/id_rsa.pub
355
356                # Create a new secret named my-secret with key1=supersecret and key2=topsecret
357                oc create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret
358
359                # Create a new secret named my-secret using a combination of a file and a literal
360                oc create secret generic my-secret --from-file=ssh-privatekey= /.ssh/id_rsa --from-literal=passphrase=topsecret
361
362                # Create a new secret named my-secret from an env file
363                oc create secret generic my-secret --from-env-file=path/to/bar.env
364
365
366
367

SEE ALSO

369       oc-create-secret(1),
370
371
372

HISTORY

374       June 2016, Ported from the Kubernetes man-doc generator
375
376
377
378Openshift                  Openshift CLI User Manuals      OC CREATE SECRET(1)
Impressum