tanzu secret

Manages Tanzu secrets.

Usage

CLI plugin: secret | Target: kubernetes | Release Notes

Syntax:

tanzu secret [COMMAND]

Global Flags

-h, --help

Help text.

--kubeconfig

The path to the kubeconfig file.

-v, --verbose

Log verbosity, from 0 to 9.

tanzu secret registry

Manages registry secrets. For more information, see Configure Authentication to a Private Container Registry.

Commands:

• tanzu secret registry add
• tanzu secret registry delete
• tanzu secret registry list
• tanzu secret registry update

Flags:

-h, --help

Help text.

-n, --namespace

The namespace for the registry secret. When this flag is not specified, tanzu secret registry targets the default namespace.

tanzu secret registry add

Creates a v1/Secret resource of type kubernetes.io/dockerconfigjson. If the --export-to-all-namespaces option is specified, a SecretExport resource is also created.

Usage

tanzu secret registry add SECRET-NAME --server REGISTRY-URL --username USERNAME --password PASSWORD [FLAGS]

Examples

To add a registry secret, for example, my-secret:

tanzu secret registry add my-secret --server projects.registry.vmware.com --username my-user --password my-password

To make my-secret available across all namespaces:

tanzu secret registry add my-secret --server projects.registry.vmware.com --username my-user --password my-password --export-to-all-namespaces

The URL used above is an example.

Flags

--export-to-all-namespaces

Makes the registry secret available across all namespaces.

-h, --help

Help text.

--password

The password to access the private registry.

--password-env-var

The environment variable containing the password to access the private registry.

--password-file

The file containing the password to access the private registry.

--password-stdin

When --password-stdin is specified, the password is entered through standard input.

--server

The FQDN of the private registry.

--username

The username to access the private registry.

-y, --yes

When --yes is specified, the command skips the confirmation step.

tanzu secret registry delete

Deletes the specified v1/Secret resource of type kubernetes.io/dockerconfigjson and if it exists, the associated SecretExport from the cluster.

Usage

tanzu secret registry delete SECRET-NAME [FLAGS]

Example

To delete my-secret:

tanzu registry secret delete my-secret

Flags

-h, --help

Help text.

-y, --yes

When --yes is specified, the command skips the confirmation step.

tanzu secret registry list

Lists all v1/Secret resources of type kubernetes.io/dockerconfigjson.

Usage

tanzu secret registry list [FLAGS]

Examples

To list registry secrets across all namespaces:

tanzu registry secret list --all-namespaces

To list registry secrets in a specific namespace, for example, my-namespace:

tanzu registry secret list -n my-namespace

Flags

-A, --all-namespaces

When --all-namespaces is specified, the command targets all namespaces.

-h, --help

Help text.

-o, --output

Output format. Supported values are yaml, json, and table.

tanzu secret registry update

Updates the specified v1/Secret resource of type kubernetes.io/dockerconfigjson. If the --export-to-all-namespaces option is specified, the associated SecretExport resource is also updated.

Usage

tanzu secret registry update SECRET-NAME --username USERNAME --password PASSWORD [FLAGS]

Examples

To update my-secret without updating the associated SecretExport resource:

tanzu registry secret update my-secret --username my-user --password-file my-password

To update my-secret and delete the associated SecretExport resource:

tanzu registry secret update my-secret --username my-user --password my-password --export-to-all-namespaces=false

Flags

--export-to-all-namespaces[=true]

If --export-to-all-namespaces set to true, the secret is available across all namespaces. If the flag is set to false, the secret is unexported from all the namespaces that it was previously exported to. If --export-to-all-namespaces is not specified, no changes are made.

-h, --help

Help text.

--password

The password to access the private registry.

--password-env-var

The environment variable containing the password to access the private registry.

--password-file

The file containing the password to access the private registry.

--password-stdin

When --password-stdin is specified, the password is entered through standard input.

--username

The username to access the private registry.

-y, --yes

When --yes is specified, the command skips the confirmation step.