1OC CREATE SECRET(1)                June 2016               OC CREATE SECRET(1)
2
3
4

NAME

6       oc create secret generic - Create a secret from a local file, directory
7       or literal value
8
9
10

SYNOPSIS

12       oc create secret generic [OPTIONS]
13
14
15

DESCRIPTION

17       Create a secret based on a file, directory, or specified literal value.
18
19
20       A single secret may package one or more key/value pairs.
21
22
23       When creating a secret based on a file, the key  will  default  to  the
24       basename  of  the file, and the value will default to the file content.
25       If the basename is an invalid key or you wish to chose  your  own,  you
26       may specify an alternate key.
27
28
29       When  creating  a secret based on a directory, each file whose basename
30       is a valid key in the directory will be packaged into the  secret.  Any
31       directory  entries  except  regular files are ignored (e.g. subdirecto‐
32       ries, symlinks, devices, pipes, etc).
33
34
35

OPTIONS

37       --allow-missing-template-keys=true
38           If true, ignore any errors in templates when a field or map key  is
39       missing  in  the  template.  Only applies to golang and jsonpath output
40       formats.
41
42
43       --append-hash=false
44           Append a hash of the secret to its name.
45
46
47       --dry-run=false
48           If true, only print the object that would be sent, without  sending
49       it.
50
51
52       --from-env-file=""
53           Specify the path to a file to read lines of key=val pairs to create
54       a secret (i.e. a Docker .env file).
55
56
57       --from-file=[]
58           Key files can be specified using their file path, in which  case  a
59       default  name will be given to them, or optionally with a name and file
60       path, in which case the given name will be used.  Specifying  a  direc‐
61       tory  will  iterate  each  named  file in the directory that is a valid
62       secret key.
63
64
65       --from-literal=[]
66           Specify  a  key  and  literal  value  to  insert  in  secret  (i.e.
67       mykey=somevalue)
68
69
70       --generator="secret/v1"
71           The name of the API generator to use.
72
73
74       -o, --output=""
75           Output  format. One of: json|yaml|name|template|go-template|go-tem‐
76       plate-file|templatefile|jsonpath|jsonpath-file.
77
78
79       --save-config=false
80           If true, the configuration of current object will be saved  in  its
81       annotation.  Otherwise,  the annotation will be unchanged. This flag is
82       useful when you want to perform kubectl apply on  this  object  in  the
83       future.
84
85
86       --template=""
87           Template  string  or  path  to template file to use when -o=go-tem‐
88       plate, -o=go-template-file. The template format is golang  templates  [
89http://golang.org/pkg/text/template/#pkg-overview⟩].
90
91
92       --type=""
93           The type of secret to create
94
95
96       --validate=false
97           If true, use a schema to validate the input before sending it
98
99
100

OPTIONS INHERITED FROM PARENT COMMANDS

102       --allow_verification_with_non_compliant_keys=false
103           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
104       non-compliant with RFC6962.
105
106
107       --alsologtostderr=false
108           log to standard error as well as files
109
110
111       --application_metrics_count_limit=100
112           Max number of application metrics to store (per container)
113
114
115       --as=""
116           Username to impersonate for the operation
117
118
119       --as-group=[]
120           Group to impersonate for the operation, this flag can  be  repeated
121       to specify multiple groups.
122
123
124       --azure-container-registry-config=""
125           Path  to the file containing Azure container registry configuration
126       information.
127
128
129       --boot_id_file="/proc/sys/kernel/random/boot_id"
130           Comma-separated list of files to check for boot-id. Use  the  first
131       one that exists.
132
133
134       --cache-dir="/builddir/.kube/http-cache"
135           Default HTTP cache directory
136
137
138       --certificate-authority=""
139           Path to a cert file for the certificate authority
140
141
142       --client-certificate=""
143           Path to a client certificate file for TLS
144
145
146       --client-key=""
147           Path to a client key file for TLS
148
149
150       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
151           CIDRs opened in GCE firewall for LB traffic proxy  health checks
152
153
154       --cluster=""
155           The name of the kubeconfig cluster to use
156
157
158       --container_hints="/etc/cadvisor/container_hints.json"
159           location of the container hints file
160
161
162       --containerd="unix:///var/run/containerd.sock"
163           containerd endpoint
164
165
166       --context=""
167           The name of the kubeconfig context to use
168
169
170       --default-not-ready-toleration-seconds=300
171           Indicates   the   tolerationSeconds   of   the    toleration    for
172       notReady:NoExecute  that is added by default to every pod that does not
173       already have such a toleration.
174
175
176       --default-unreachable-toleration-seconds=300
177           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
178       able:NoExecute  that  is  added  by  default to every pod that does not
179       already have such a toleration.
180
181
182       --docker="unix:///var/run/docker.sock"
183           docker endpoint
184
185
186       --docker-tls=false
187           use TLS to connect to docker
188
189
190       --docker-tls-ca="ca.pem"
191           path to trusted CA
192
193
194       --docker-tls-cert="cert.pem"
195           path to client certificate
196
197
198       --docker-tls-key="key.pem"
199           path to private key
200
201
202       --docker_env_metadata_whitelist=""
203           a comma-separated list of environment variable keys that  needs  to
204       be collected for docker containers
205
206
207       --docker_only=false
208           Only report docker containers in addition to root stats
209
210
211       --docker_root="/var/lib/docker"
212           DEPRECATED:  docker  root is read from docker info (this is a fall‐
213       back, default: /var/lib/docker)
214
215
216       --enable_load_reader=false
217           Whether to enable cpu load reader
218
219
220       --event_storage_age_limit="default=24h"
221           Max length of time for which to store events (per type). Value is a
222       comma  separated  list  of  key  values, where the keys are event types
223       (e.g.: creation, oom) or "default" and the value is a duration. Default
224       is applied to all non-specified event types
225
226
227       --event_storage_event_limit="default=100000"
228           Max  number  of  events to store (per type). Value is a comma sepa‐
229       rated list of key values, where the keys are event  types  (e.g.:  cre‐
230       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
231       applied to all non-specified event types
232
233
234       --global_housekeeping_interval=0
235           Interval between global housekeepings
236
237
238       --housekeeping_interval=0
239           Interval between container housekeepings
240
241
242       --httptest.serve=""
243           if non-empty, httptest.NewServer serves on this address and blocks
244
245
246       --insecure-skip-tls-verify=false
247           If true, the server's certificate will not be checked for validity.
248       This will make your HTTPS connections insecure
249
250
251       --kubeconfig=""
252           Path to the kubeconfig file to use for CLI requests.
253
254
255       --log-flush-frequency=0
256           Maximum number of seconds between log flushes
257
258
259       --log_backtrace_at=:0
260           when logging hits line file:N, emit a stack trace
261
262
263       --log_cadvisor_usage=false
264           Whether to log the usage of the cAdvisor container
265
266
267       --log_dir=""
268           If non-empty, write log files in this directory
269
270
271       --logtostderr=true
272           log to standard error instead of files
273
274
275       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
276           Comma-separated  list  of  files  to  check for machine-id. Use the
277       first one that exists.
278
279
280       --match-server-version=false
281           Require server version to match client version
282
283
284       -n, --namespace=""
285           If present, the namespace scope for this CLI request
286
287
288       --request-timeout="0"
289           The length of time to wait before giving  up  on  a  single  server
290       request. Non-zero values should contain a corresponding time unit (e.g.
291       1s, 2m, 3h). A value of zero means don't timeout requests.
292
293
294       -s, --server=""
295           The address and port of the Kubernetes API server
296
297
298       --stderrthreshold=2
299           logs at or above this threshold go to stderr
300
301
302       --storage_driver_buffer_duration=0
303           Writes in the storage driver will be buffered  for  this  duration,
304       and committed to the non memory backends as a single transaction
305
306
307       --storage_driver_db="cadvisor"
308           database name
309
310
311       --storage_driver_host="localhost:8086"
312           database host:port
313
314
315       --storage_driver_password="root"
316           database password
317
318
319       --storage_driver_secure=false
320           use secure connection with database
321
322
323       --storage_driver_table="stats"
324           table name
325
326
327       --storage_driver_user="root"
328           database username
329
330
331       --token=""
332           Bearer token for authentication to the API server
333
334
335       --user=""
336           The name of the kubeconfig user to use
337
338
339       -v, --v=0
340           log level for V logs
341
342
343       --version=false
344           Print version information and quit
345
346
347       --vmodule=
348           comma-separated  list  of pattern=N settings for file-filtered log‐
349       ging
350
351
352

EXAMPLE

354                # Create a new secret named my-secret with keys for each file in folder bar
355                oc create secret generic my-secret --from-file=path/to/bar
356
357                # Create a new secret named my-secret with specified keys instead of names on disk
358                oc create secret generic my-secret --from-file=ssh-privatekey= /.ssh/id_rsa --from-file=ssh-publickey= /.ssh/id_rsa.pub
359
360                # Create a new secret named my-secret with key1=supersecret and key2=topsecret
361                oc create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret
362
363                # Create a new secret named my-secret using a combination of a file and a literal
364                oc create secret generic my-secret --from-file=ssh-privatekey= /.ssh/id_rsa --from-literal=passphrase=topsecret
365
366                # Create a new secret named my-secret from an env file
367                oc create secret generic my-secret --from-env-file=path/to/bar.env
368
369
370
371

SEE ALSO

373       oc-create-secret(1),
374
375
376

HISTORY

378       June 2016, Ported from the Kubernetes man-doc generator
379
380
381
382Openshift                  Openshift CLI User Manuals      OC CREATE SECRET(1)
Impressum