diff --git a/pkg/cmd/secrets.go b/pkg/cmd/secrets.go
index 9b56e59a..342fa8c2 100644
--- a/pkg/cmd/secrets.go
+++ b/pkg/cmd/secrets.go
@@ -236,10 +236,13 @@ func setSecrets(cmd *cobra.Command, args []string) {
 	raw := utils.GetBoolFlag(cmd, "raw")
 	canPromptUser := !utils.GetBoolFlag(cmd, "no-interactive")
 	localConfig := configuration.LocalConfig(cmd)
+	visibility := cmd.Flag("visibility").Value.String()
 
 	utils.RequireValue("token", localConfig.Token.Value)
 
-	secrets := map[string]interface{}{}
+	var changeRequests []models.ChangeRequest
+	changeRequests = make([]models.ChangeRequest, 0)
+
 	var keys []string
 
 	// if only one arg, read from stdin
@@ -307,27 +310,51 @@ func setSecrets(cmd *cobra.Command, args []string) {
 		value := strings.Join(input, "\n")
 
 		keys = append(keys, key)
-		secrets[key] = value
+		changeRequest := models.ChangeRequest{
+			Name:  key,
+			Value: &value,
+		}
+		if visibility != "" {
+			changeRequest.Visibility = &visibility
+		}
+		changeRequests = append(changeRequests, changeRequest)
 	} else if len(args) == 2 && !strings.Contains(args[0], "=") {
 		// format: 'doppler secrets set KEY value'
 		key := args[0]
 		value := args[1]
 		keys = append(keys, key)
-		secrets[key] = value
+		changeRequest := models.ChangeRequest{
+			Name:  key,
+			Value: &value,
+		}
+		if visibility != "" {
+			changeRequest.Visibility = &visibility
+		}
+		changeRequests = append(changeRequests, changeRequest)
 	} else {
 		// format: 'doppler secrets set KEY=value'
 		for _, arg := range args {
 			secretArr := strings.SplitN(arg, "=", 2)
-			keys = append(keys, secretArr[0])
+			key := secretArr[0]
+			keys = append(keys, key)
+
+			changeRequest := models.ChangeRequest{
+				Name: key,
+			}
+
 			if len(secretArr) < 2 {
-				secrets[secretArr[0]] = ""
+				changeRequest.Value = nil
 			} else {
-				secrets[secretArr[0]] = secretArr[1]
+				changeRequest.Value = &secretArr[1]
+			}
+			if visibility != "" {
+				changeRequest.Visibility = &visibility
 			}
+			changeRequests = append(changeRequests, changeRequest)
 		}
 	}
 
-	response, err := http.SetSecrets(localConfig.APIHost.Value, utils.GetBool(localConfig.VerifyTLS.Value, true), localConfig.Token.Value, localConfig.EnclaveProject.Value, localConfig.EnclaveConfig.Value, secrets, nil)
+	response, err := http.SetSecrets(localConfig.APIHost.Value, utils.GetBool(localConfig.VerifyTLS.Value, true), localConfig.Token.Value, localConfig.EnclaveProject.Value, localConfig.EnclaveConfig.Value, nil, changeRequests)
 	if !err.IsNil() {
 		utils.HandleError(err.Unwrap(), err.Message)
 	}
@@ -626,6 +653,7 @@ func init() {
 	}
 	secretsSetCmd.Flags().Bool("raw", false, "print the raw secret value without processing variables")
 	secretsSetCmd.Flags().Bool("no-interactive", false, "do not allow entering secret value via interactive mode")
+	secretsSetCmd.Flags().StringP("visibility", "", "", "visibility (e.g. masked, unmasked, or restricted)")
 	secretsCmd.AddCommand(secretsSetCmd)
 
 	secretsUploadCmd.Flags().StringP("project", "p", "", "project (e.g. backend)")
diff --git a/pkg/models/api.go b/pkg/models/api.go
index 848da703..bf9a3115 100644
--- a/pkg/models/api.go
+++ b/pkg/models/api.go
@@ -27,11 +27,15 @@ type ComputedSecret struct {
 
 // ChangeRequest can be used to smartly update secrets
 type ChangeRequest struct {
-	OriginalName  interface{} `json:"originalName"`
-	OriginalValue interface{} `json:"originalValue,omitempty"`
-	Name          string      `json:"name"`
-	Value         string      `json:"value"`
-	ShouldDelete  bool        `json:"shouldDelete"`
+	Name               string      `json:"name"`
+	OriginalName       interface{} `json:"originalName"`
+	Value              interface{} `json:"value"`
+	OriginalValue      interface{} `json:"originalValue,omitempty"`
+	Visibility         *string     `json:"visibility,omitempty"`
+	OriginalVisibility *string     `json:"originalVisibility,omitempty"`
+	ShouldPromote      *bool       `json:"shouldPromote,omitempty"`
+	ShouldDelete       *bool       `json:"shouldDelete,omitempty"`
+	ShouldConverge     *bool       `json:"shouldConverge,omitempty"`
 }
 
 // SecretNote contains a secret and its note
diff --git a/pkg/tui/gui/cmp_secret_view.go b/pkg/tui/gui/cmp_secret_view.go
index 87edf63f..fd59fa5a 100644
--- a/pkg/tui/gui/cmp_secret_view.go
+++ b/pkg/tui/gui/cmp_secret_view.go
@@ -50,7 +50,7 @@ func (svm *SecretViewModel) ToChangeRequest() models.ChangeRequest {
 		OriginalName: svm.originalName,
 		Name:         svm.nameView.TextArea.GetContent(),
 		Value:        svm.valueView.TextArea.GetContent(),
-		ShouldDelete: svm.shouldDelete,
+		ShouldDelete: &svm.shouldDelete,
 	}
 
 	if svm.originalVisibility != "restricted" {