1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl create secret generic - Create a secret from a local file, di‐
10 rectory, or literal value
11
15 kubectl create secret generic [OPTIONS]
16
20 Create a secret based on a file, directory, or specified literal value.
21 A single secret may package one or more key/value pairs.
24 When creating a secret based on a file, the key will default to the
27 basename of the file, and the value will default to the file content.
28 If the basename is an invalid key or you wish to chose your own, you
29 may specify an alternate key.
30 When creating a secret based on a directory, each file whose basename
33 is a valid key in the directory will be packaged into the secret. Any
34 directory entries except regular files are ignored (e.g. subdirecto‐
35 ries, symlinks, devices, pipes, etc).
36
40 --allow-missing-template-keys=true If true, ignore any errors in
41 templates when a field or map key is missing in the template. Only ap‐
42 plies to golang and jsonpath output formats.
43 --append-hash=false Append a hash of the secret to its name.
46 --dry-run="none" Must be "none", "server", or "client". If client
49 strategy, only print the object that would be sent, without sending it.
50 If server strategy, submit server-side request without persisting the
51 resource.
52 --field-manager="kubectl-create" Name of the manager used to track
55 field ownership.
56 --from-env-file=[] Specify the path to a file to read lines of
59 key=val pairs to create a secret.
60 --from-file=[] Key files can be specified using their file path,
63 in which case a default name will be given to them, or optionally with
64 a name and file path, in which case the given name will be used. Spec‐
65 ifying a directory will iterate each named file in the directory that
66 is a valid secret key.
67 --from-literal=[] Specify a key and literal value to insert in se‐
70 cret (i.e. mykey=somevalue)
71 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
74 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
75 json, jsonpath-file).
76 --save-config=false If true, the configuration of current object
79 will be saved in its annotation. Otherwise, the annotation will be un‐
80 changed. This flag is useful when you want to perform kubectl apply on
81 this object in the future.
82 --show-managed-fields=false If true, keep the managedFields when
85 printing objects in JSON or YAML format.
86 --template="" Template string or path to template file to use when
89 -o=go-template, -o=go-template-file. The template format is golang tem‐
90 plates [http://golang.org/pkg/text/template/#pkg-overview].
91 --type="" The type of secret to create
94 --validate="strict" Must be one of: strict (or true), warn, ignore
97 (or false). "true" or "strict" will use a schema to validate
98 the input and fail the request if invalid. It will perform server side
99 validation if ServerSideFieldValidation is enabled on the api-server,
100 but will fall back to less reliable client-side validation if not.
101 "warn" will warn about unknown or duplicate fields without
102 blocking the request if server-side field validation is enabled on the
103 API server, and behave as "ignore" otherwise. "false" or
104 "ignore" will not perform any schema validation, silently dropping any
105 unknown or duplicate fields.
106
110 --as="" Username to impersonate for the operation. User could be a
111 regular user or a service account in a namespace.
112 --as-group=[] Group to impersonate for the operation, this flag
115 can be repeated to specify multiple groups.
116 --as-uid="" UID to impersonate for the operation.
119 --azure-container-registry-config="" Path to the file containing
122 Azure container registry configuration information.
123 --cache-dir="/builddir/.kube/cache" Default cache directory
126 --certificate-authority="" Path to a cert file for the certificate
129 authority
130 --client-certificate="" Path to a client certificate file for TLS
133 --client-key="" Path to a client key file for TLS
136 --cluster="" The name of the kubeconfig cluster to use
139 --context="" The name of the kubeconfig context to use
142 --disable-compression=false If true, opt-out of response compres‐
145 sion for all requests to the server
146 --insecure-skip-tls-verify=false If true, the server's certificate
149 will not be checked for validity. This will make your HTTPS connections
150 insecure
151 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
154 quests.
155 --match-server-version=false Require server version to match
158 client version
159 -n, --namespace="" If present, the namespace scope for this CLI
162 request
163 --password="" Password for basic authentication to the API server
166 --profile="none" Name of profile to capture. One of
169 (none|cpu|heap|goroutine|threadcreate|block|mutex)
170 --profile-output="profile.pprof" Name of the file to write the
173 profile to
174 --request-timeout="0" The length of time to wait before giving up
177 on a single server request. Non-zero values should contain a corre‐
178 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
179 out requests.
180 -s, --server="" The address and port of the Kubernetes API server
183 --tls-server-name="" Server name to use for server certificate
186 validation. If it is not provided, the hostname used to contact the
187 server is used
188 --token="" Bearer token for authentication to the API server
191 --user="" The name of the kubeconfig user to use
194 --username="" Username for basic authentication to the API server
197 --version=false Print version information and quit
200 --warnings-as-errors=false Treat warnings received from the server
203 as errors and exit with a non-zero exit code
204
208 # Create a new secret named my-secret with keys for each file in folder bar
209 kubectl create secret generic my-secret --from-file=path/to/bar
210 # Create a new secret named my-secret with specified keys instead of names on disk
212 kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-file=ssh-publickey=path/to/id_rsa.pub
213 # Create a new secret named my-secret with key1=supersecret and key2=topsecret
215 kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret
216 # Create a new secret named my-secret using a combination of a file and a literal
218 kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-literal=passphrase=topsecret
219 # Create a new secret named my-secret from env files
221 kubectl create secret generic my-secret --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env
222
227 kubectl-create-secret(1),
228
232 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
233 com) based on the kubernetes source material, but hopefully they have
234 been automatically generated since!
235Manuals User KUBERNETES(1)(kubernetes)