Secret
Stores secret data.
Description
A secret is an object that stores a small amount of secret data such as a private key or mnemonic. Objects such as Network often reference Secret objects in places where plain text private keys or mnemonics might otherwise be used. This also means that you do not have to hardcode your secrets in application code.
Even though Secret objects are encrypted at rest and protected by role-based access control, we strongly recommend using test-only credentials that do not hold access to real funds.
Data format
Secret endpoints accept and return base64-encoded raw bytes. If a credential is currently expressed as a hexadecimal string, you must first hex-decode it to its binary form and then base64-encode those bytes. Encoding the ASCII hex text directly (hex to base64) is not valid; it stores the literal characters rather than the underlying key bytes.
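The conversion described above, as an added example (not the service's own code), together with a check that flags a payload produced by base64-encoding the hex text directly. The helper names, the `0x`-prefix handling and the sample key are assumptions constructed for illustration.

```python
import base64
import string

_HEX = set(string.hexdigits)


def _strip_0x(text: str) -> str:
    # Assumption: clients may hand over keys with a leading "0x".
    text = text.strip()
    return text[2:] if text[:2].lower() == "0x" else text


def hex_to_secret_data(hex_key: str) -> str:
    """Hex text -> raw key bytes -> base64 string for the Secret "data" field."""
    try:
        raw = bytes.fromhex(_strip_0x(hex_key))
    except ValueError as exc:
        raise ValueError("credential is not valid hexadecimal") from exc
    if not raw:
        raise ValueError("credential is empty")
    return base64.b64encode(raw).decode("ascii")


def is_ascii_hex_payload(data_b64: str) -> bool:
    """True when the decoded payload is itself hex text, i.e. the hex string
    was base64-encoded directly instead of being hex-decoded first."""
    try:
        raw = base64.b64decode(data_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("data is not valid base64") from exc
    try:
        text = _strip_0x(raw.decode("ascii"))
    except UnicodeDecodeError:
        return False  # non-ASCII bytes: binary key material, not hex text
    return len(text) >= 2 and len(text) % 2 == 0 and all(c in _HEX for c in text)


def build_secret_body(name: str, secret_type: str, hex_key: str) -> dict:
    """Request body in the shape this page shows for creating a secret."""
    return {"metadata": {"name": name}, "type": secret_type,
            "data": hex_to_secret_data(hex_key)}


# Constructed test-only key (not a real credential): 31 zero bytes then 0x01.
SAMPLE_HEX = "0x" + "00" * 31 + "01"
# The invalid encoding: base64 of the ASCII hex characters themselves.
WRONG = base64.b64encode(SAMPLE_HEX.encode("ascii")).decode("ascii")

if __name__ == "__main__":
    print(build_secret_body("example-key", "ethereum-private-key", SAMPLE_HEX))
    print("direct hex-to-base64 detected:", is_ascii_hex_payload(WRONG))
```

A 32-byte key encodes to 44 base64 characters; the directly encoded hex text of the same key is 88 or more, which is a quick visual cue before running the check.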
Secret type
The type field accepts any string and is intended purely as a hint to clients about how the secret payload should be interpreted.
For example, a client might create a Secret with "type": "ethereum-private-key". When that client later retrieves the object, it first inspects type and then applies the corresponding decoding routine (in this case, “Ethereum private key” logic).
The system itself does not validate or enforce these values — the convention is entirely client-driven.
Operations
GET /v1alpha1/workspaces/{workspace}/secrets
List all secrets in workspace workspace that the current requester has access to.
Query parameters
Selectable fields: type, metadata.ownerID
Responses
HTTP Code | Response |
---|---|
200 OK | SecretList |
404 Not Found | Error |
GET /v1alpha1/workspaces/{workspace}/secrets/{name}
Get secret name in workspace workspace
Responses
HTTP Code | Response |
---|---|
200 OK | Secret |
404 Not Found | Error |
POST /v1alpha1/workspaces/{workspace}/secrets
Create a secret in workspace workspace
Request body
{
  "metadata": {
    "name": "octonet-private-key"
  },
  "type": "ethereum-private-key",
  "data": "u9RSIoP5ccN8wTdYcqqpjVu71rAGUu45lt2w1qQDiDU="
}
Responses
HTTP Code | Response |
---|---|
201 Created | Secret |
400 Bad Request | Error |
PUT /v1alpha1/workspaces/{workspace}/secrets/{name}
Updates secret name in full in workspace workspace
Request body
Responses
HTTP Code | Response |
---|---|
200 OK | Secret |
400 Bad Request | Error |
404 Not Found | Error |
409 Conflict | Error |
DELETE /v1alpha1/workspaces/{workspace}/secrets/{name}
Deletes secret name from workspace workspace
Responses
HTTP Code | Response |
---|---|
200 OK | Secret |
404 Not Found | Error |
409 Conflict | Error |
API objects
Secret
Field | Type | Required | Notes |
---|---|---|---|
metadata | ObjectMeta | | Standard object metadata |
type | string | Yes | Client-set secret type |
data | string | Yes | Base64-encoded secret data |
SecretList
Field | Type | Required | Notes |
---|---|---|---|
items | Secret [] | Yes | The items of this list |
metadata | ListMeta | | |