secret_create
Create a write-only swarm secret for sensitive data. The payload is stored securely and cannot be read back through the API.
Instructions
Create a swarm secret; requires a swarm manager.
Write-once: the payload can never be read back through the API (secret_inspect returns
metadata only) and cannot be changed later — to rotate, create a new secret and update the
consuming services, keeping your own copy of the value. For non-sensitive data that should
stay readable, use config_create instead. Created secrets are stamped with provenance
labels.
args: name - Name for the secret (unique within the swarm) data - The secret payload (max 500 KB; must be empty when driver is set) labels - Labels to set on the secret driver - Optional secret-driver config for values held in an external store returns: dict - The created secret's attrs (ID and Spec metadata; never the payload)
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| data | Yes | ||
| name | Yes | ||
| driver | No | ||
| labels | No |