×

GET /v1/secrets/{id}

GetSecret returns a secret given its ID.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Return Type

Content Type

  • application/json

Responses

Table 1. HTTP Response Codes
Code Message Datatype

200

A successful response.

StorageSecret

0

An unexpected error response.

RuntimeError

Samples

Common object reference

ImagePullSecretRegistry

Field Name Required Nullable Type Description Format

name

String

username

String

ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field Name Required Nullable Type Description Format

typeUrl

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

value

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

RuntimeError

Field Name Required Nullable Type Description Format

error

String

code

Integer

int32

message

String

details

List of ProtobufAny

StorageCert

Field Name Required Nullable Type Description Format

subject

StorageCertName

issuer

StorageCertName

sans

List of string

startDate

Date

date-time

endDate

Date

date-time

algorithm

String

StorageCertName

Field Name Required Nullable Type Description Format

commonName

String

country

String

organization

String

organizationUnit

String

locality

String

province

String

streetAddress

String

postalCode

String

names

List of string

StorageImagePullSecret

Field Name Required Nullable Type Description Format

registries

List of ImagePullSecretRegistry

StorageSecret

Flat secret object. Any properties of an individual secret. (regardless of time, scope, or context) ////////////////////////////////////////
Field Name Required Nullable Type Description Format

id

String

name

String

clusterId

String

clusterName

String

namespace

String

type

String

labels

Map of string

annotations

Map of string

createdAt

Date

date-time

files

List of StorageSecretDataFile

Metadata about the secrets. The secret need not be a file, but rather may be an arbitrary value.

relationship

StorageSecretRelationship

StorageSecretContainerRelationship

Secrets can be mounted in a path in a container. Next Tag: 3
Field Name Required Nullable Type Description Format

id

String

Id of the container the secret is mounted in.

path

String

Path is a container specific mounting directory.

StorageSecretDataFile

Metadata about secret. Additional information is presented for a certificate file and imagePullSecret, but the "file" may also represent some arbitrary value.

Field Name Required Nullable Type Description Format

name

String

type

StorageSecretType

UNDETERMINED, PUBLIC_CERTIFICATE, CERTIFICATE_REQUEST, PRIVACY_ENHANCED_MESSAGE, OPENSSH_PRIVATE_KEY, PGP_PRIVATE_KEY, EC_PRIVATE_KEY, RSA_PRIVATE_KEY, DSA_PRIVATE_KEY, CERT_PRIVATE_KEY, ENCRYPTED_PRIVATE_KEY, IMAGE_PULL_SECRET,

cert

StorageCert

imagePullSecret

StorageImagePullSecret

StorageSecretDeploymentRelationship

Secrets can be used by a deployment. Next Tag: 3
Field Name Required Nullable Type Description Format

id

String

Id of the deployment using the secret within a container.

name

String

Name of the deployment.

StorageSecretRelationship

The combined relationships that belong to the secret. Next Tag: 6
Field Name Required Nullable Type Description Format

id

String

containerRelationships

List of StorageSecretContainerRelationship

deploymentRelationships

List of StorageSecretDeploymentRelationship

Deployment id to relationship.

StorageSecretType

Enum Values

UNDETERMINED

PUBLIC_CERTIFICATE

CERTIFICATE_REQUEST

PRIVACY_ENHANCED_MESSAGE

OPENSSH_PRIVATE_KEY

PGP_PRIVATE_KEY

EC_PRIVATE_KEY

RSA_PRIVATE_KEY

DSA_PRIVATE_KEY

CERT_PRIVATE_KEY

ENCRYPTED_PRIVATE_KEY

IMAGE_PULL_SECRET