The secrets command group helps you manage sensitive information for your agent deployments. You can create and manage secret sets (key-value pairs) and image pull secrets (for private Docker registries).

list

List secret sets and image pull secrets for active namespace / organization.

If provided with a valid secret set name, will show the keys of that set (values are hidden.)

Usage:

pcc secrets list [ARGS] [OPTIONS]

Arguments:

name
string

Name of the secret set list keys for. Must be a valid string identifier.

Options:

--sets / -s
boolean
default:"true"

Show secret sets only. Filter out image pull secrets from the results.

--organization / -o
string

Organization to list secrets for. If not provided, uses the current organization from your configuration.

set

Create or update a secret set with the given name and key-value pairs. Secrets can be passed directly as key value pairs or loaded from a file.

Usage:

pcc secrets set [ARGS] [OPTIONS]

Arguments:

name
string
required

Name of the secret set to create or modify. Must be a valid string identifier containing only characters, numbers, and hyphens.

secrets
string

List of secret key-value pairs e.g. KEY1=value1 KEY2="value with spaces".

See this note on using special characters in secret values.

Example:

pcc secrets set my-secrets 'API_KEY=123 API_KEY_2="value with spaces"'

Options:

--file / -f
string

Relative path to a file with a list of secret key-value pairs. Each line in the file should be in the format KEY=value.

Example:

pcc secrets set my-secrets --file .env
--skip / -s
boolean
default:"false"

Skip confirmations and proceed with the operation.

--organization / -o
string

Organization to create/update the secret set in. If not provided, uses the current organization from your configuration.

unset

Removes a specific secret key from a secret set.

Usage:

pcc secrets unset [ARGS] [OPTIONS]

Arguments:

name
string
required

Name of the secret set to remove the secret from.

secret_key
string
required

The key of the secret to remove from the set.

Example:

pcc secrets unset my-secret-set SOME_KEY

Options:

--skip / -s
boolean
default:"false"

Skip confirmations and proceed with the operation.

--organization / -o
string

Organization containing the secret set. If not provided, uses the current organization from your configuration.

delete

Deletes an entire secret set.

Usage:

pcc secrets delete [ARGS] [OPTIONS]

Arguments:

name
string
required

Name of the secret set to delete. This action is irreversible.

Options:

--skip / -s
boolean
default:"false"

Skip confirmations and proceed with the operation.

--organization / -o
string

Organization containing the secret set. If not provided, uses the current organization from your configuration.

image-pull-secret

Creates credentials for pulling images from private Docker registries.

This command encodes and securely stores your image repository credentials. These credentials are used with the deploy command when pulling images from private repositories. If you don’t provide credentials directly, the command will prompt you for input and offer the option to encode them in base64 format for additional security.

Usage:

pcc secrets image-pull-secret [ARGS] [OPTIONS]

Arguments:

name
string
required

Name of the credentials set to create or modify. Must be a valid string identifier.

host
string
required

Host address of the image repository e.g. https://index.docker.io/v1/.

credentials
string
default:"prompts for input"

Credentials for the image repository in the form of username:password.

Will prompt you for the value if not provided.

Example:

pcc secrets image-pull-secret my-registry-creds https://index.docker.io/v1/ my-username:my-password

Options:

--encode
boolean
default:"true"

Encode the credentials in base64 format.

--organization / -o
string

Organization to create the image pull secret in. If not provided, uses the current organization from your configuration.

More about secrets

organizations