1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl  create secret generic - Create a secret from a local file, di‐
10       rectory, or literal value
11
12
13

SYNOPSIS

15       kubectl create secret generic [OPTIONS]
16
17
18

DESCRIPTION

20       Create a secret based on a file, directory, or specified literal value.
21
22
23       A single secret may package one or more key/value pairs.
24
25
26       When creating a secret based on a file, the key  will  default  to  the
27       basename  of  the file, and the value will default to the file content.
28       If the basename is an invalid key or you wish to chose  your  own,  you
29       may specify an alternate key.
30
31
32       When  creating  a secret based on a directory, each file whose basename
33       is a valid key in the directory will be packaged into the  secret.  Any
34       directory  entries  except  regular files are ignored (e.g. subdirecto‐
35       ries, symlinks, devices, pipes, etc).
36
37
38

OPTIONS

40       --allow-missing-template-keys=true      If true, ignore any  errors  in
41       templates  when a field or map key is missing in the template. Only ap‐
42       plies to golang and jsonpath output formats.
43
44
45       --append-hash=false      Append a hash of the secret to its name.
46
47
48       --dry-run="none"      Must be "none", "server", or "client". If  client
49       strategy, only print the object that would be sent, without sending it.
50       If server strategy, submit server-side request without  persisting  the
51       resource.
52
53
54       --field-manager="kubectl-create"      Name of the manager used to track
55       field ownership.
56
57
58       --from-env-file=[]      Specify the path to a file  to  read  lines  of
59       key=val pairs to create a secret.
60
61
62       --from-file=[]       Key  files can be specified using their file path,
63       in which case a default name will be given to them, or optionally  with
64       a name and file path, in which case the given name will be used.  Spec‐
65       ifying a directory will iterate each named file in the  directory  that
66       is a valid secret key.
67
68
69       --from-literal=[]      Specify a key and literal value to insert in se‐
70       cret (i.e. mykey=somevalue)
71
72
73       -o, --output=""      Output format. One of: (json, yaml, name,  go-tem‐
74       plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
75       json, jsonpath-file).
76
77
78       --save-config=false      If true, the configuration of  current  object
79       will  be saved in its annotation. Otherwise, the annotation will be un‐
80       changed. This flag is useful when you want to perform kubectl apply  on
81       this object in the future.
82
83
84       --show-managed-fields=false       If  true, keep the managedFields when
85       printing objects in JSON or YAML format.
86
87
88       --template=""      Template string or path to template file to use when
89       -o=go-template, -o=go-template-file. The template format is golang tem‐
90       plates [http://golang.org/pkg/text/template/#pkg-overview].
91
92
93       --type=""      The type of secret to create
94
95
96       --validate="strict"      Must be one of: strict (or true), warn, ignore
97       (or false).            "true" or "strict" will use a schema to validate
98       the input and fail the request if invalid. It will perform server  side
99       validation  if  ServerSideFieldValidation is enabled on the api-server,
100       but will fall back to less  reliable  client-side  validation  if  not.
101                 "warn"  will  warn  about unknown or duplicate fields without
102       blocking the request if server-side field validation is enabled on  the
103       API  server,  and  behave  as "ignore" otherwise.            "false" or
104       "ignore" will not perform any schema validation, silently dropping  any
105       unknown or duplicate fields.
106
107
108

OPTIONS INHERITED FROM PARENT COMMANDS

110       --as=""      Username to impersonate for the operation. User could be a
111       regular user or a service account in a namespace.
112
113
114       --as-group=[]      Group to impersonate for the  operation,  this  flag
115       can be repeated to specify multiple groups.
116
117
118       --as-uid=""      UID to impersonate for the operation.
119
120
121       --azure-container-registry-config=""       Path  to the file containing
122       Azure container registry configuration information.
123
124
125       --cache-dir="/builddir/.kube/cache"      Default cache directory
126
127
128       --certificate-authority=""      Path to a cert file for the certificate
129       authority
130
131
132       --client-certificate=""      Path to a client certificate file for TLS
133
134
135       --client-key=""      Path to a client key file for TLS
136
137
138       --cluster=""      The name of the kubeconfig cluster to use
139
140
141       --context=""      The name of the kubeconfig context to use
142
143
144       --insecure-skip-tls-verify=false      If true, the server's certificate
145       will not be checked for validity. This will make your HTTPS connections
146       insecure
147
148
149       --kubeconfig=""       Path  to  the  kubeconfig file to use for CLI re‐
150       quests.
151
152
153       --match-server-version=false       Require  server  version  to   match
154       client version
155
156
157       -n,  --namespace=""       If  present, the namespace scope for this CLI
158       request
159
160
161       --password=""      Password for basic authentication to the API server
162
163
164       --profile="none"        Name   of   profile   to   capture.   One    of
165       (none|cpu|heap|goroutine|threadcreate|block|mutex)
166
167
168       --profile-output="profile.pprof"       Name  of  the  file to write the
169       profile to
170
171
172       --request-timeout="0"      The length of time to wait before giving  up
173       on  a  single  server  request. Non-zero values should contain a corre‐
174       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
175       out requests.
176
177
178       -s, --server=""      The address and port of the Kubernetes API server
179
180
181       --tls-server-name=""       Server  name  to  use for server certificate
182       validation. If it is not provided, the hostname  used  to  contact  the
183       server is used
184
185
186       --token=""      Bearer token for authentication to the API server
187
188
189       --user=""      The name of the kubeconfig user to use
190
191
192       --username=""      Username for basic authentication to the API server
193
194
195       --version=false      Print version information and quit
196
197
198       --warnings-as-errors=false      Treat warnings received from the server
199       as errors and exit with a non-zero exit code
200
201
202

EXAMPLE

204                # Create a new secret named my-secret with keys for each file in folder bar
205                kubectl create secret generic my-secret --from-file=path/to/bar
206
207                # Create a new secret named my-secret with specified keys instead of names on disk
208                kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-file=ssh-publickey=path/to/id_rsa.pub
209
210                # Create a new secret named my-secret with key1=supersecret and key2=topsecret
211                kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret
212
213                # Create a new secret named my-secret using a combination of a file and a literal
214                kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-literal=passphrase=topsecret
215
216                # Create a new secret named my-secret from env files
217                kubectl create secret generic my-secret --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env
218
219
220
221

SEE ALSO

223       kubectl-create-secret(1),
224
225
226

HISTORY

228       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
229       com)  based  on the kubernetes source material, but hopefully they have
230       been automatically generated since!
231
232
233
234Manuals                              User            KUBERNETES(1)(kubernetes)
Impressum