Manage secrets

The OpenFaaS CLI allows you to create, update, list and delete secrets using faas-cli instead of Docker or Kubernetes command line tools.

The reason behind this is to give you simplicity when you need to use secrets for your functions as well as to provide a layer of abstraction, as it will work for both Kubernetes and Docker Swarm.

Create

To create a secret from stdin, you can run:

  1. faas-cli secret create secret-name

or use pipe instead:

  1. cat 04385e5c413c10ed68afb010ebe8c5dd706aa20a | faas-cli secret create secret-name
  2. cat ~/Downloads/derek.pem | faas-cli secret create secret-name

If you want to pass a value then do:

  1. faas-cli secret create secret-name --from-literal="04385e5c413c10ed68afb010ebe8c5dd706aa20a"

To create it from file use:

  1. faas-cli secret create secret-name --from-file=~/Downloads/derek.pem

You can pass —gateway flag if you'd like to create the secret for a specific OpenFaaS instance.

Update

From stdin:

  1. faas-cli secret update secret-name

or

  1. cat 04385e5c413c10ed68afb010ebe8c5dd706aa20a | faas-cli secret update secret-name
  2. cat ~/Downloads/derek.pem | faas-cli secret update secret-name

From literal:

  1. faas-cli secret update secret-name --from-literal="04385e5c413c10ed68afb010ebe8c5dd706aa20a"

From file:

  1. faas-cli secret update secret-name --from-file=~/Downloads/derek.pem

List

To list secrets for an OpenFaaS instance use:

  1. faas-cli secret list --gateway http://127.0.0.1:8080

or

  1. faas-cli secret ls --gateway http://127.0.0.1:8080

If you have set $OPENFAAS_URL you can use only 

  1. faas-cli secret ls

This will output:

  1. NAME
  2. secret-name1
  3. secret-name2
  4. ...

Delete

You can delete secrets with:

  1. faas-cli secret remove secret-name

or

  1. faas-cli secret remove secret-name --gateway=http://127.0.0.1:8080