Secrets are logical containers made up of zero or more immutable versions, that contain sensitive data
List secrets
Retrieve the list of secrets created within an Organization and/or Project. You must specify either the organization_id or the project_id and the region.
path Parameters
regionThe region you want to target
query Parameters
scheduled_for_deletionFilter by whether the secret was scheduled for deletion / not scheduled for deletion. By default, it will display only not scheduled for deletion secrets.
organization_idFilter by Organization ID (optional). (UUID format)
project_idFilter by Project ID (optional). (UUID format)
order_bypagepage_sizetagsList of tags to filter on (optional).
nameFilter by secret name (optional).
pathFilter by exact path (optional).
ephemeralFilter by ephemeral / not ephemeral (optional).
typeFilter by secret type (optional).
List secrets › Responses
Single page of secrets matching the requested criteria.
total_countCount of all secrets matching the requested criteria.
Create a secret
Create a secret in a given region specified by the region parameter.
path Parameters
regionThe region you want to target
Create a secret › Request Body
project_idID of the Project containing the secret. (UUID format)
nameName of the secret.
tagsList of the secret's tags.
descriptionDescription of the secret.
typeType of the secret.
(Optional.) See the Secret.Type enum for a description of values. If not specified, the type is Opaque.
pathPath of the secret.
(Optional.) Location of the secret in the directory structure. If not specified, the path is /.
Ephemeral policy of the secret. (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
protectedReturns true if secret protection is applied to a given secret.
A protected secret cannot be deleted.
key_idID of the Scaleway Key Manager key. (Optional.) The Scaleway Key Manager key ID will be used to encrypt and decrypt secret versions. If not specified, Secret Manager will use a Key Manager internal key. (UUID format)
Create a secret › Responses
idID of the secret. (UUID format)
project_idID of the Project containing the secret. (UUID format)
nameName of the secret.
statusCurrent status of the secret.
ready: the secret can be read, modified and deleted.locked: no action can be performed on the secret. This status can only be applied and removed by Scaleway.
created_atDate and time of the secret's creation. (RFC 3339 format)
updated_atLast update of the secret. (RFC 3339 format)
tagsList of the secret's tags.
version_countNumber of versions for this secret.
descriptionUpdated description of the secret.
managedReturns true for secrets that are managed by another product.
protectedReturns true for protected secrets that cannot be deleted.
typeType of the secret.
See the Secret.Type enum for a description of values.
pathPath of the secret. Location of the secret in the directory structure.
Ephemeral policy of the secret. (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
List of Scaleway resources that can access and manage the secret.
deletion_requested_atReturns the time at which deletion was requested. (RFC 3339 format)
key_idID of the Scaleway Key Manager key. (Optional.) The Scaleway Key Manager key ID used to encrypt and decrypt secret versions. (UUID format)
regionRegion of the secret.
Get metadata using the secret's ID
Retrieve the metadata of a secret specified by the region and secret_id parameters.
path Parameters
regionThe region you want to target
secret_idID of the secret. (UUID format)
Get metadata using the secret's ID › Responses
idID of the secret. (UUID format)
project_idID of the Project containing the secret. (UUID format)
nameName of the secret.
statusCurrent status of the secret.
ready: the secret can be read, modified and deleted.locked: no action can be performed on the secret. This status can only be applied and removed by Scaleway.
created_atDate and time of the secret's creation. (RFC 3339 format)
updated_atLast update of the secret. (RFC 3339 format)
tagsList of the secret's tags.
version_countNumber of versions for this secret.
descriptionUpdated description of the secret.
managedReturns true for secrets that are managed by another product.
protectedReturns true for protected secrets that cannot be deleted.
typeType of the secret.
See the Secret.Type enum for a description of values.
pathPath of the secret. Location of the secret in the directory structure.
Ephemeral policy of the secret. (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
List of Scaleway resources that can access and manage the secret.
deletion_requested_atReturns the time at which deletion was requested. (RFC 3339 format)
key_idID of the Scaleway Key Manager key. (Optional.) The Scaleway Key Manager key ID used to encrypt and decrypt secret versions. (UUID format)
regionRegion of the secret.
Update metadata of a secret
Edit a secret's metadata such as name, tag(s), description and ephemeral policy. The secret to update is specified by the secret_id and region parameters.
path Parameters
regionThe region you want to target
secret_idID of the secret. (UUID format)
Update metadata of a secret › Request Body
nameSecret's updated name (optional).
tagsSecret's updated list of tags (optional).
descriptionDescription of the secret.
pathPath of the folder.
(Optional.) Location of the folder in the directory structure. If not specified, the path is /.
Ephemeral policy of the secret. (Optional.) Policy that defines whether/when a secret's versions expire.
Update metadata of a secret › Responses
idID of the secret. (UUID format)
project_idID of the Project containing the secret. (UUID format)
nameName of the secret.
statusCurrent status of the secret.
ready: the secret can be read, modified and deleted.locked: no action can be performed on the secret. This status can only be applied and removed by Scaleway.
created_atDate and time of the secret's creation. (RFC 3339 format)
updated_atLast update of the secret. (RFC 3339 format)
tagsList of the secret's tags.
version_countNumber of versions for this secret.
descriptionUpdated description of the secret.
managedReturns true for secrets that are managed by another product.
protectedReturns true for protected secrets that cannot be deleted.
typeType of the secret.
See the Secret.Type enum for a description of values.
pathPath of the secret. Location of the secret in the directory structure.
Ephemeral policy of the secret. (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
List of Scaleway resources that can access and manage the secret.
deletion_requested_atReturns the time at which deletion was requested. (RFC 3339 format)
key_idID of the Scaleway Key Manager key. (Optional.) The Scaleway Key Manager key ID used to encrypt and decrypt secret versions. (UUID format)
regionRegion of the secret.
Allow a product to use the secret
path Parameters
regionThe region you want to target
secret_idID of the secret. (UUID format)
Allow a product to use the secret › Request Body
productID of the product to add.
See Product enum for description of values.
Allow a product to use the secret › Responses
Enable secret protection
Enable secret protection for a given secret specified by the secret_id parameter. Enabling secret protection means that your secret can be read and modified, but it cannot be deleted.
path Parameters
regionThe region you want to target
secret_idID of the secret to enable secret protection for. (UUID format)
Enable secret protection › Responses
idID of the secret. (UUID format)
project_idID of the Project containing the secret. (UUID format)
nameName of the secret.
statusCurrent status of the secret.
ready: the secret can be read, modified and deleted.locked: no action can be performed on the secret. This status can only be applied and removed by Scaleway.
created_atDate and time of the secret's creation. (RFC 3339 format)
updated_atLast update of the secret. (RFC 3339 format)
tagsList of the secret's tags.
version_countNumber of versions for this secret.
descriptionUpdated description of the secret.
managedReturns true for secrets that are managed by another product.
protectedReturns true for protected secrets that cannot be deleted.
typeType of the secret.
See the Secret.Type enum for a description of values.
pathPath of the secret. Location of the secret in the directory structure.
Ephemeral policy of the secret. (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
List of Scaleway resources that can access and manage the secret.
deletion_requested_atReturns the time at which deletion was requested. (RFC 3339 format)
key_idID of the Scaleway Key Manager key. (Optional.) The Scaleway Key Manager key ID used to encrypt and decrypt secret versions. (UUID format)
regionRegion of the secret.
Restore a secret
Restore a secret and all its versions scheduled for deletion specified by the region and secret_id parameters.
path Parameters
regionThe region you want to target
secret_id(UUID format)
Restore a secret › Responses
idID of the secret. (UUID format)
project_idID of the Project containing the secret. (UUID format)
nameName of the secret.
statusCurrent status of the secret.
ready: the secret can be read, modified and deleted.locked: no action can be performed on the secret. This status can only be applied and removed by Scaleway.
created_atDate and time of the secret's creation. (RFC 3339 format)
updated_atLast update of the secret. (RFC 3339 format)
tagsList of the secret's tags.
version_countNumber of versions for this secret.
descriptionUpdated description of the secret.
managedReturns true for secrets that are managed by another product.
protectedReturns true for protected secrets that cannot be deleted.
typeType of the secret.
See the Secret.Type enum for a description of values.
pathPath of the secret. Location of the secret in the directory structure.
Ephemeral policy of the secret. (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
List of Scaleway resources that can access and manage the secret.
deletion_requested_atReturns the time at which deletion was requested. (RFC 3339 format)
key_idID of the Scaleway Key Manager key. (Optional.) The Scaleway Key Manager key ID used to encrypt and decrypt secret versions. (UUID format)
regionRegion of the secret.
Disable secret protection
Disable secret protection for a given secret specified by the secret_id parameter. Disabling secret protection means that your secret can be read, modified and deleted.
path Parameters
regionThe region you want to target
secret_idID of the secret to disable secret protection for. (UUID format)
Disable secret protection › Responses
idID of the secret. (UUID format)
project_idID of the Project containing the secret. (UUID format)
nameName of the secret.
statusCurrent status of the secret.
ready: the secret can be read, modified and deleted.locked: no action can be performed on the secret. This status can only be applied and removed by Scaleway.
created_atDate and time of the secret's creation. (RFC 3339 format)
updated_atLast update of the secret. (RFC 3339 format)
tagsList of the secret's tags.
version_countNumber of versions for this secret.
descriptionUpdated description of the secret.
managedReturns true for secrets that are managed by another product.
protectedReturns true for protected secrets that cannot be deleted.
typeType of the secret.
See the Secret.Type enum for a description of values.
pathPath of the secret. Location of the secret in the directory structure.
Ephemeral policy of the secret. (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
List of Scaleway resources that can access and manage the secret.
deletion_requested_atReturns the time at which deletion was requested. (RFC 3339 format)
key_idID of the Scaleway Key Manager key. (Optional.) The Scaleway Key Manager key ID used to encrypt and decrypt secret versions. (UUID format)
regionRegion of the secret.
Restore a version
Restore a secret's version specified by the region, secret_id and revision parameters.
path Parameters
regionThe region you want to target
secret_id(UUID format)
revisionRestore a version › Responses
revisionVersion number. The first version of the secret is numbered 1, and all subsequent revisions augment by 1.
secret_idID of the secret. (UUID format)
statusCurrent status of the version.
unknown_status: the version is in an invalid state.enabled: the version is accessible.disabled: the version is not accessible but can be enabled.scheduled_for_deletion: the version is scheduled for deletion. It will be deleted in 7 days.deleted: the version is permanently deleted. It is not possible to recover it.
created_atDate and time of the version's creation. (RFC 3339 format)
updated_atLast update of the version. (RFC 3339 format)
deleted_atDate and time of the version's deletion. (RFC 3339 format)
descriptionDescription of the version.
latestReturns true if the version is the latest.
Properties of the ephemeral version. Returns the version's expiration date, whether it expires after being accessed once, and the action to perform (disable or delete) once the version expires.
deletion_requested_atReturns the time at which deletion was requested. (RFC 3339 format)
regionRegion of the version.