secrets
Creates, updates, deletes, gets or lists a secrets resource.
Overview
| Name | secrets |
| Type | Resource |
| Id | cloudflare.secrets_store.secrets |
Fields
The following fields are returned by SELECT queries:
- get_by_account
- get_by_system
- list_by_account
- list_by_system
secret detail
| Name | Datatype | Description |
|---|---|---|
id | string | Secret identifier tag. (example: 3fd85f74b32742f1bff64a85009dda07) |
name | string | The name of the secret (example: MY_API_KEY) |
store_id | string | Store Identifier (example: 023e105f4ecef8ad9ca31a8372d0c353) |
comment | string | Freeform text describing the secret (example: info about my secret) |
created | string (date-time) | Whenthe secret was created. (example: 2023-09-21T18:56:32.624632Z) |
modified | string (date-time) | When the secret was modified. (example: 2023-09-21T18:56:32.624632Z) |
scopes | array | The list of services that can use this secret. |
status | string | (pending, active, deleted) |
Secret detail
| Name | Datatype | Description |
|---|---|---|
id | string | Secret identifier tag. (example: 3fd85f74b32742f1bff64a85009dda07) |
name | string | The name of the secret (example: MY_API_KEY) |
store_id | string | Store Identifier (example: 023e105f4ecef8ad9ca31a8372d0c353) |
comment | string | Freeform text describing the secret (example: info about my secret) |
created | string (date-time) | Whenthe secret was created. (example: 2023-09-21T18:56:32.624632Z) |
modified | string (date-time) | When the secret was modified. (example: 2023-09-21T18:56:32.624632Z) |
scopes | array | The list of services that can use this secret. |
status | string | (pending, active, deleted) |
List store secrets response
| Name | Datatype | Description |
|---|---|---|
id | string | Secret identifier tag. (example: 3fd85f74b32742f1bff64a85009dda07) |
name | string | The name of the secret (example: MY_API_KEY) |
store_id | string | Store Identifier (example: 023e105f4ecef8ad9ca31a8372d0c353) |
comment | string | Freeform text describing the secret (example: info about my secret) |
created | string (date-time) | Whenthe secret was created. (example: 2023-09-21T18:56:32.624632Z) |
modified | string (date-time) | When the secret was modified. (example: 2023-09-21T18:56:32.624632Z) |
scopes | array | The list of services that can use this secret. |
status | string | (pending, active, deleted) |
List store secrets response
| Name | Datatype | Description |
|---|---|---|
id | string | Secret identifier tag. (example: 3fd85f74b32742f1bff64a85009dda07) |
name | string | The name of the secret (example: MY_API_KEY) |
store_id | string | Store Identifier (example: 023e105f4ecef8ad9ca31a8372d0c353) |
comment | string | Freeform text describing the secret (example: info about my secret) |
created | string (date-time) | Whenthe secret was created. (example: 2023-09-21T18:56:32.624632Z) |
modified | string (date-time) | When the secret was modified. (example: 2023-09-21T18:56:32.624632Z) |
scopes | array | The list of services that can use this secret. |
status | string | (pending, active, deleted) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get_by_account | select | account_id, store_id, secret_id | Returns details of a single secret | |
get_by_system | select | account_tag, store_id, secret_id | Returns details of a single secret from a store managed by the calling service. Returns 404 if the store doesn't exist or is not managed by the authenticated service. | |
list_by_account | select | account_id, store_id | direction, page, per_page, search, order, scopes | Lists all store secrets |
list_by_system | select | account_tag, store_id | direction, page, per_page, search, order, scopes | Lists all secrets in a store managed by the calling service. Returns 404 if the store doesn't exist or is not managed by the authenticated service. |
duplicate_by_account | insert | account_id, store_id, secret_id, name, scopes | Duplicates the secret, keeping the value | |
secrets_store_secret_create | insert | account_id, store_id | Creates a secret in the account | |
secrets_store_system_secret_create | insert | account_tag, store_id | Creates one or more secrets in a store managed by the calling service. Returns 404 if the store doesn't exist or is not managed by the authenticated service. | |
edit | update | account_id, store_id, secret_id | Updates a single secret | |
secrets_store_system_patch_by_id | update | account_tag, store_id, secret_id | Updates a single secret in a store managed by the calling service. Returns 404 if the store doesn't exist or is not managed by the authenticated service. | |
delete | delete | account_id, store_id, secret_id | Deletes a single secret | |
secrets_store_system_secret_delete_by_id | delete | account_tag, store_id, secret_id | Deletes a single secret from a store managed by the calling service. Returns 404 if the store doesn't exist or is not managed by the authenticated service. | |
bulk_delete | delete | account_id, store_id | Deletes one or more secrets | |
secrets_store_system_delete_bulk | delete | account_tag, store_id | Deletes one or more secrets from a store managed by the calling service. Returns 404 if the store doesn't exist or is not managed by the authenticated service. | |
duplicate_by_system | exec | account_tag, store_id, secret_id, name, scopes | Duplicates a secret in a store managed by the calling service, keeping the value. Returns 404 if the store doesn't exist or is not managed by the authenticated service. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
account_id | string | The Cloudflare account ID. |
account_tag | string | Account tag identifier (e.g., '12a6ed19f349896cfbd6694ba3de8d31'). This is the account's external tag identifier, not the numeric account ID. |
secret_id | string | The secret ID. |
store_id | string | The secrets store ID. |
direction | string | Direction to sort objects |
order | string | Order secrets by values in the given field |
page | integer | Page number |
per_page | integer | Number of objects to return per page |
scopes | array | Only secrets with the given scopes will be returned |
search | string | Search secrets using a filter string, filtering across name and comment |
SELECT examples
- get_by_account
- get_by_system
- list_by_account
- list_by_system
Returns details of a single secret
SELECT
id,
name,
store_id,
comment,
created,
modified,
scopes,
status
FROM cloudflare.secrets_store.secrets
WHERE account_id = '{{ account_id }}' -- required
AND store_id = '{{ store_id }}' -- required
AND secret_id = '{{ secret_id }}' -- required
;
Returns details of a single secret from a store managed by the calling service. Returns 404 if the store doesn't exist or is not managed by the authenticated service.
SELECT
id,
name,
store_id,
comment,
created,
modified,
scopes,
status
FROM cloudflare.secrets_store.secrets
WHERE account_tag = '{{ account_tag }}' -- required
AND store_id = '{{ store_id }}' -- required
AND secret_id = '{{ secret_id }}' -- required
;
Lists all store secrets
SELECT
id,
name,
store_id,
comment,
created,
modified,
scopes,
status
FROM cloudflare.secrets_store.secrets
WHERE account_id = '{{ account_id }}' -- required
AND store_id = '{{ store_id }}' -- required
AND direction = '{{ direction }}'
AND page = '{{ page }}'
AND per_page = '{{ per_page }}'
AND search = '{{ search }}'
AND order = '{{ order }}'
AND scopes = '{{ scopes }}'
;
Lists all secrets in a store managed by the calling service. Returns 404 if the store doesn't exist or is not managed by the authenticated service.
SELECT
id,
name,
store_id,
comment,
created,
modified,
scopes,
status
FROM cloudflare.secrets_store.secrets
WHERE account_tag = '{{ account_tag }}' -- required
AND store_id = '{{ store_id }}' -- required
AND direction = '{{ direction }}'
AND page = '{{ page }}'
AND per_page = '{{ per_page }}'
AND search = '{{ search }}'
AND order = '{{ order }}'
AND scopes = '{{ scopes }}'
;
INSERT examples
- duplicate_by_account
- secrets_store_secret_create
- secrets_store_system_secret_create
- Manifest
Duplicates the secret, keeping the value
INSERT INTO cloudflare.secrets_store.secrets (
comment,
name,
scopes,
account_id,
store_id,
secret_id
)
SELECT
'{{ comment }}',
'{{ name }}' /* required */,
'{{ scopes }}' /* required */,
'{{ account_id }}',
'{{ store_id }}',
'{{ secret_id }}'
RETURNING
errors,
messages,
result,
result_info,
success
;
Creates a secret in the account
INSERT INTO cloudflare.secrets_store.secrets (
account_id,
store_id
)
SELECT
'{{ account_id }}',
'{{ store_id }}'
RETURNING
errors,
messages,
result,
result_info,
success
;
Creates one or more secrets in a store managed by the calling service. Returns 404 if the store doesn't exist or is not managed by the authenticated service.
INSERT INTO cloudflare.secrets_store.secrets (
account_tag,
store_id
)
SELECT
'{{ account_tag }}',
'{{ store_id }}'
RETURNING
errors,
messages,
result,
result_info,
success
;
# Description fields are for documentation purposes
- name: secrets
props:
- name: account_id
value: "{{ account_id }}"
description: Required parameter for the secrets resource.
- name: store_id
value: "{{ store_id }}"
description: Required parameter for the secrets resource.
- name: secret_id
value: "{{ secret_id }}"
description: Required parameter for the secrets resource.
- name: account_tag
value: "{{ account_tag }}"
description: Required parameter for the secrets resource.
- name: comment
value: "{{ comment }}"
description: |
Freeform text describing the secret
- name: name
value: "{{ name }}"
description: |
The name of the secret
- name: scopes
value:
- "{{ scopes }}"
description: |
The list of services that can use this secret.
UPDATE examples
- edit
- secrets_store_system_patch_by_id
Updates a single secret
UPDATE cloudflare.secrets_store.secrets
SET
comment = '{{ comment }}',
scopes = '{{ scopes }}',
value = '{{ value }}'
WHERE
account_id = '{{ account_id }}' --required
AND store_id = '{{ store_id }}' --required
AND secret_id = '{{ secret_id }}' --required
RETURNING
errors,
messages,
result,
result_info,
success;
Updates a single secret in a store managed by the calling service. Returns 404 if the store doesn't exist or is not managed by the authenticated service.
UPDATE cloudflare.secrets_store.secrets
SET
comment = '{{ comment }}',
scopes = '{{ scopes }}',
value = '{{ value }}'
WHERE
account_tag = '{{ account_tag }}' --required
AND store_id = '{{ store_id }}' --required
AND secret_id = '{{ secret_id }}' --required
RETURNING
errors,
messages,
result,
result_info,
success;
DELETE examples
- delete
- secrets_store_system_secret_delete_by_id
- bulk_delete
- secrets_store_system_delete_bulk
Deletes a single secret
DELETE FROM cloudflare.secrets_store.secrets
WHERE account_id = '{{ account_id }}' --required
AND store_id = '{{ store_id }}' --required
AND secret_id = '{{ secret_id }}' --required
;
Deletes a single secret from a store managed by the calling service. Returns 404 if the store doesn't exist or is not managed by the authenticated service.
DELETE FROM cloudflare.secrets_store.secrets
WHERE account_tag = '{{ account_tag }}' --required
AND store_id = '{{ store_id }}' --required
AND secret_id = '{{ secret_id }}' --required
;
Deletes one or more secrets
DELETE FROM cloudflare.secrets_store.secrets
WHERE account_id = '{{ account_id }}' --required
AND store_id = '{{ store_id }}' --required
;
Deletes one or more secrets from a store managed by the calling service. Returns 404 if the store doesn't exist or is not managed by the authenticated service.
DELETE FROM cloudflare.secrets_store.secrets
WHERE account_tag = '{{ account_tag }}' --required
AND store_id = '{{ store_id }}' --required
;
Lifecycle Methods
- duplicate_by_system
Duplicates a secret in a store managed by the calling service, keeping the value. Returns 404 if the store doesn't exist or is not managed by the authenticated service.
EXEC cloudflare.secrets_store.secrets.duplicate_by_system
@account_tag='{{ account_tag }}' --required,
@store_id='{{ store_id }}' --required,
@secret_id='{{ secret_id }}' --required
@@json=
'{
"comment": "{{ comment }}",
"name": "{{ name }}",
"scopes": "{{ scopes }}"
}'
;