GuidesAPI Reference
Log In

Prodvana provides secret storage that allows you to securely pass secret values to your Services. Secrets are encrypted at rest with an organization-specific key. For more details on how we store secrets check out Security.

When you create a secret, you will give it a unique name. Every time you update the secret, a new version will be created. You can then use the secret name and version pair to refer to that secret in your Prodvana

By versioning secrets, you can safely update a secret in use by a service without breaking currently deployed instances. This also ensures you can roll back services to a previous version if necessary.

Creating and Updating Secrets

To create a new secret, or update an existing one use the pvnctl secrets set command.

$ pvnctl secrets set my-secret "secret value"
Created secret version: my-secret-0

Alternatively, you can pass the secret value through stdin:

$ echo "new secret value" | pvnctl secrets set my-secret
Created secret version: my-secret-1

Deleting Secrets

You can delete a specific secret version with pvnctl secrets delete-version

$ pvnctl secrets delete-version my-secret my-secret-0
Secret version deleted.

Or you can delete all versions of a secret with pvnctl secrets delete:

$ pvnctl secrets delete my-secret
Secret deleted.


Deleting an older secret version may make rollbacks unsafe -- a older secret version may be referenced in a past config.

Listing Secrets

You can list your existing secrets with pvnctl secrets list:

KEY                                                             LATEST VERSION                                            
integrations/DOCKER_REGISTRY/dockerhub                          integrations/DOCKER_REGISTRY/dockerhub-0                  
integrations/DOCKER_REGISTRY/ecr-prodvana-test                  integrations/DOCKER_REGISTRY/ecr-prodvana-test-1          
integrations/DOCKER_REGISTRY/pvn-gcr                            integrations/DOCKER_REGISTRY/pvn-gcr-0                    
integrations/GITHUB/github                                      integrations/GITHUB/github-1                                                                               
pvn/runtimes/rtm-95f9ab9583d94b7a9ff36391f3ee129a/access        pvn/runtimes/rtm-95f9ab9583d94b7a9ff36391f3ee129a/access-0
my-secret                                                       my-secret-2


You may see some existing secrets with prefixes like integrations/. These secrets are used internally for Prodvana integrations.

Listing a Secret's Versions

To see all existing versions of a secret, you can use pvnctl secrets list-versions

$ pvnctl secrets list-versions my-secret