1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl create secret generic - Create a secret from a local file, di‐
10 rectory, or literal value
11
15 kubectl create secret generic [OPTIONS]
16
20 Create a secret based on a file, directory, or specified literal value.
21 A single secret may package one or more key/value pairs.
24 When creating a secret based on a file, the key will default to the
27 basename of the file, and the value will default to the file content.
28 If the basename is an invalid key or you wish to chose your own, you
29 may specify an alternate key.
30 When creating a secret based on a directory, each file whose basename
33 is a valid key in the directory will be packaged into the secret. Any
34 directory entries except regular files are ignored (e.g. subdirecto‐
35 ries, symlinks, devices, pipes, etc).
36
40 --allow-missing-template-keys=true If true, ignore any errors in
41 templates when a field or map key is missing in the template. Only ap‐
42 plies to golang and jsonpath output formats.
43 --append-hash=false Append a hash of the secret to its name.
46 --dry-run="none" Must be "none", "server", or "client". If client
49 strategy, only print the object that would be sent, without sending it.
50 If server strategy, submit server-side request without persisting the
51 resource.
52 --field-manager="kubectl-create" Name of the manager used to track
55 field ownership.
56 --from-env-file=[] Specify the path to a file to read lines of
59 key=val pairs to create a secret.
60 --from-file=[] Key files can be specified using their file path,
63 in which case a default name will be given to them, or optionally with
64 a name and file path, in which case the given name will be used. Spec‐
65 ifying a directory will iterate each named file in the directory that
66 is a valid secret key.
67 --from-literal=[] Specify a key and literal value to insert in se‐
70 cret (i.e. mykey=somevalue)
71 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
74 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
75 json, jsonpath-file).
76 --save-config=false If true, the configuration of current object
79 will be saved in its annotation. Otherwise, the annotation will be un‐
80 changed. This flag is useful when you want to perform kubectl apply on
81 this object in the future.
82 --show-managed-fields=false If true, keep the managedFields when
85 printing objects in JSON or YAML format.
86 --template="" Template string or path to template file to use when
89 -o=go-template, -o=go-template-file. The template format is golang tem‐
90 plates [http://golang.org/pkg/text/template/#pkg-overview].
91 --type="" The type of secret to create
94 --validate="strict" Must be one of: strict (or true), warn, ignore
97 (or false). "true" or "strict" will use a schema to validate
98 the input and fail the request if invalid. It will perform server side
99 validation if ServerSideFieldValidation is enabled on the api-server,
100 but will fall back to less reliable client-side validation if not.
101 "warn" will warn about unknown or duplicate fields without
102 blocking the request if server-side field validation is enabled on the
103 API server, and behave as "ignore" otherwise. "false" or
104 "ignore" will not perform any schema validation, silently dropping any
105 unknown or duplicate fields.
106
110 --as="" Username to impersonate for the operation. User could be a
111 regular user or a service account in a namespace.
112 --as-group=[] Group to impersonate for the operation, this flag
115 can be repeated to specify multiple groups.
116 --as-uid="" UID to impersonate for the operation.
119 --azure-container-registry-config="" Path to the file containing
122 Azure container registry configuration information.
123 --cache-dir="/builddir/.kube/cache" Default cache directory
126 --certificate-authority="" Path to a cert file for the certificate
129 authority
130 --client-certificate="" Path to a client certificate file for TLS
133 --client-key="" Path to a client key file for TLS
136 --cluster="" The name of the kubeconfig cluster to use
139 --context="" The name of the kubeconfig context to use
142 --insecure-skip-tls-verify=false If true, the server's certificate
145 will not be checked for validity. This will make your HTTPS connections
146 insecure
147 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
150 quests.
151 --match-server-version=false Require server version to match
154 client version
155 -n, --namespace="" If present, the namespace scope for this CLI
158 request
159 --password="" Password for basic authentication to the API server
162 --profile="none" Name of profile to capture. One of
165 (none|cpu|heap|goroutine|threadcreate|block|mutex)
166 --profile-output="profile.pprof" Name of the file to write the
169 profile to
170 --request-timeout="0" The length of time to wait before giving up
173 on a single server request. Non-zero values should contain a corre‐
174 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
175 out requests.
176 -s, --server="" The address and port of the Kubernetes API server
179 --tls-server-name="" Server name to use for server certificate
182 validation. If it is not provided, the hostname used to contact the
183 server is used
184 --token="" Bearer token for authentication to the API server
187 --user="" The name of the kubeconfig user to use
190 --username="" Username for basic authentication to the API server
193 --version=false Print version information and quit
196 --warnings-as-errors=false Treat warnings received from the server
199 as errors and exit with a non-zero exit code
200
204 # Create a new secret named my-secret with keys for each file in folder bar
205 kubectl create secret generic my-secret --from-file=path/to/bar
206 # Create a new secret named my-secret with specified keys instead of names on disk
208 kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-file=ssh-publickey=path/to/id_rsa.pub
209 # Create a new secret named my-secret with key1=supersecret and key2=topsecret
211 kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret
212 # Create a new secret named my-secret using a combination of a file and a literal
214 kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-literal=passphrase=topsecret
215 # Create a new secret named my-secret from env files
217 kubectl create secret generic my-secret --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env
218
223 kubectl-create-secret(1),
224
228 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
229 com) based on the kubernetes source material, but hopefully they have
230 been automatically generated since!
231Manuals User KUBERNETES(1)(kubernetes)