CLI plugin: secret
| Primarily used for: Tanzu Kubernetes Grid, Tanzu Kubernetes Grid 2 with Supervisor, Tanzu Application Platform
The tanzu secret
command group manages Tanzu secrets. This command group includes the following command:
tanzu secret [COMMAND]
-h, --help
Help text.
-v, --verbose
Log verbosity, from 0
to 9
.
Manages registry secrets. For more information, see Configure Authentication to a Private Container Registry.
Commands:
Flags:
-h, --help
Help text.
-n, --namespace
The namespace for the registry secret. When this flag is not specified, tanzu secret registry
targets the default
namespace.
Creates a v1/Secret
resource of type kubernetes.io/dockerconfigjson
. If the --export-to-all-namespaces
option is specified, a SecretExport
resource is also created.
tanzu secret registry add SECRET-NAME --server REGISTRY-URL --username USERNAME --password PASSWORD [FLAGS]
To add a registry secret, for example, my-secret
:
tanzu secret registry add my-secret --server projects.registry.vmware.com --username my-user --password my-password
To make my-secret
available across all namespaces:
tanzu secret registry add my-secret --server projects.registry.vmware.com --username my-user --password my-password --export-to-all-namespaces
The URL used above is an example.
--export-to-all-namespaces
Makes the registry secret available across all namespaces.
-h, --help
Help text.
--password
The password to access the private registry.
--password-env-var
The environment variable containing the password to access the private registry.
--password-file
The file containing the password to access the private registry.
--password-stdin
When --password-stdin
is specified, the password is entered through standard input.
--server
The FQDN of the private registry.
--username
The username to access the private registry.
-y, --yes
When --yes
is specified, the command skips the confirmation step.
Deletes the specified v1/Secret
resource of type kubernetes.io/dockerconfigjson
and if it exists, the associated SecretExport
from the cluster.
tanzu secret registry delete SECRET-NAME [FLAGS]
To delete my-secret
:
tanzu registry secret delete my-secret
-h, --help
Help text.
-y, --yes
When --yes
is specified, the command skips the confirmation step.
Lists all v1/Secret
resources of type kubernetes.io/dockerconfigjson
.
tanzu secret registry list [FLAGS]
To list registry secrets across all namespaces:
tanzu registry secret list --all-namespaces
To list registry secrets in a specific namespace, for example, my-namespace
:
tanzu registry secret list -n my-namespace
-A, --all-namespaces
When --all-namespaces
is specified, the command targets all namespaces.
-h, --help
Help text.
-o, --output
Output format. Supported values are yaml
, json
, and table
.
Updates the specified v1/Secret
resource of type kubernetes.io/dockerconfigjson
. If the --export-to-all-namespaces
option is specified, the associated SecretExport
resource is also updated.
tanzu secret registry update SECRET-NAME --username USERNAME --password PASSWORD [FLAGS]
To update my-secret
without updating the associated SecretExport
resource:
tanzu registry secret update my-secret --username my-user --password-file my-password
To update my-secret
and delete the associated SecretExport
resource:
tanzu registry secret update my-secret --username my-user --password my-password --export-to-all-namespaces=false
--export-to-all-namespaces[=true]
If --export-to-all-namespaces
set to true
, the secret is available across all namespaces. If the flag is set to false
, the secret is unexported from all the namespaces that it was previously exported to. If --export-to-all-namespaces
is not specified, no changes are made.
-h, --help
Help text.
--password
The password to access the private registry.
--password-env-var
The environment variable containing the password to access the private registry.
--password-file
The file containing the password to access the private registry.
--password-stdin
When --password-stdin
is specified, the password is entered through standard input.
--username
The username to access the private registry.
-y, --yes
When --yes
is specified, the command skips the confirmation step.