Secrets are objects that allow you to store and manage sensitive information, such as passwords and client ID/secrets, for use inside Coder Enterprise environments. Coder Enterprise implements secrets using Kubernetes Secrets.
Secrets are a beta feature.
You can work with secrets using the Coder CLI; future updates will allow you to manipulate secrets via the Coder Enterprise user interface.
Using secrets requires that the Coder CLI has been installed in your Coder Enterprise environment. For your convenience, Coder Enterprise automatically injects the Coder CLI and authorizes it for use with your environment whenever it creates or rebuilds your environment.
You can find the Coder CLI under `/tmp/coder/`.
Before you can use the CLI, either:
- Update your `PATH` variable to include the path to the CLI by running `PATH=$PATH:/tmp/coder` in your environment's Terminal
- Move the CLI binary by running `cp /tmp/coder/coder /usr/bin` (assuming that `/usr/bin` is in your `PATH`; if not, select another directory)
For full details on the Coder CLI commands that can be used to work with Secrets, see the CLI documentation.
To access a Secret while working in a Coder Enterprise environment, use the `view <secret_name>` command. You can then use the secret value shown to you.
If you would like to automate the assignment of secrets, the Coder CLI allows Site Managers to perform write (but not read) operations on other users' Secret objects.
The following Bash script is an example of how you might implement this:
```bash
#!/bin/bash

# get all user emails, one per line, from the JSON array of users
emails=$(coder users ls --output json | jq -c -r '.[] | .email')

for user in $emails
do
    # create a secret for that user
    coder secrets --user "$user" create mysql-password --from-literal password123
done
```
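A variant of the script above, added here as an example and not taken from Coder's documentation or CLI: it gives each user a distinct random value instead of one shared literal and reports failures. It assumes `coder users ls --output json` prints a JSON array of objects with an `email` field; `gen_secret` and `provision_secret` are hypothetical helper names.

```bash
#!/bin/bash
# Added example, not Coder's own code. Assumes `coder users ls --output json`
# prints a JSON array of user objects that each carry an "email" field.

# Return 32 hex characters (128 bits) read from the kernel CSPRNG.
gen_secret() {
    od -An -tx1 -N16 /dev/urandom | tr -d ' \n'
}

# Read one email per line on stdin and create secret "$1" for each user,
# giving every user a different random value. Prints a summary line and
# returns non-zero if any creation failed.
provision_secret() {
    name=$1
    created=0
    failed=0
    while IFS= read -r email; do
        [ -n "$email" ] || continue
        # --from-literal is the only input flag shown on this page; the value
        # appears in the process argument list while the command runs.
        # </dev/null stops the CLI from consuming the remaining email lines.
        if coder secrets --user "$email" create "$name" \
                --from-literal "$(gen_secret)" </dev/null; then
            created=$((created + 1))
        else
            echo "could not create $name for $email" >&2
            failed=$((failed + 1))
        fi
    done
    echo "created=$created failed=$failed"
    [ "$failed" -eq 0 ]
}

# Run only when a secret name is passed as the first argument.
if [ -n "${1:-}" ]; then
    coder users ls --output json | jq -r '.[].email' | provision_secret "$1"
fi
```

Each user can then read their own value with the `view <secret_name>` command described above.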