Coder Enterprise Hub

Welcome to the Coder Enterprise hub. You'll find comprehensive guides and documentation to help you start working with Coder as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    Changelog

Secrets are objects that allow you to store and manage sensitive information, such as passwords and client ID/secrets, for use inside Coder Enterprise environments. Coder Enterprise implements secrets using Kubernetes Secrets.


Secrets are a beta feature.

You can work with secrets using the Coder CLI, while future updates will allow you to manipulate secrets via the Coder Enterprise user interface.

The Coder CLI

Using secrets requires that the Coder CLI has been installed onto your Coder Enterprise environment. For your convenience, Coder Enterprise automatically injects Coder CLI and authorizes it for use with your environment whenever it creates or rebuilds your environment.

You can find the Coder CLI under /tmp/coder/.

Before you can use the CLI, either:

  • Update your PATH variable to include the path to the CLI by running PATH=$PATH:/tmp/coder in your environment's Terminal
  • Move the CLI binary by running cp /tmp/coder/coder /usr/bin (assuming that /usr/bin is in your PATH; if not, select another directory)

Working with Secrets

For full details on the Coder CLI commands that can be used to work with Secrets, see the CLI documentation.

Accessing a Secret from an Environment

To access a Secret while working in a Coder Enterprise environment, use the view <secret_name> command. You can then use the secret value shown to you.

Bulk Secret Assignments

If you would like to automate the assignment of secrets, the Coder CLI allows Site Managers to perform write (but not read) operations on other users' Secret objects.

The following Bash script is an example of how you might implement this:

# get all user emails
emails=$(coder users ls --output json | jq -c -r '.[] | .email')
for user in $emails
    # create a secret for that user
    coder secrets --user $user create mysql-password --from-literal password123 

Updated 2 months ago


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.