See also: How to manage secrets

In Juju (starting with Juju 3.0), a secret is a sensitive piece of information (e.g., an account credential, password, certificate, SSH key, API key, or encryption key) that a charm needs to know.

Every secret has an owner – the entity creating, updating, sharing, or removing it – and an observer – the entity getting access to it. The owner can be:

  • a charm
    Example: A PostgreSQL charm creates a database password and, through integration, gives it to WordPress so that WordPress can store data in the database.

  • (starting with Juju 3.3) a user with model admin access (in which case the secret is also known as a ‘user secret’).
    Example: The Apache application needs to be given a CA certificate and private key. A model admin user adds a secret to a model and then grants it to the Apache application.

Secrets are identified by an automatically assigned ID (a URI generated by Juju at creation time) or, for user secrets, also by a user-defined name.

Contributors: @kelvin.liu, @wallyworld, @hmlanigan, @danieleprocida
