# [admin] Secrets command


The `secrets` command in `admin` scope could help you manage secrets.


## Setup PrimeHub Python SDK


In [1]:
from primehub import PrimeHub, PrimeHubConfig
ph = PrimeHub(PrimeHubConfig())

if ph.is_ready():
    print("PrimeHub Python SDK setup successfully")
else:
    print("PrimeHub Python SDK couldn't get the group information, follow the 00-getting-started.ipynb to complete it")

PrimeHub Python SDK setup successfully


## Help documentation

In [2]:
help(ph.admin.secrets)

Help on AdminSecrets in module primehub.admin_secrets object:

class AdminSecrets(primehub.Helpful, primehub.Module)
 |  AdminSecrets(primehub: primehub.PrimeHub, **kwargs)
 |  
 |  Method resolution order:
 |      AdminSecrets
 |      primehub.Helpful
 |      primehub.Module
 |      primehub.HTTPSupport
 |      builtins.object
 |  
 |  Methods defined here:
 |  
 |  create(self, config)
 |      Create a secret
 |      
 |      :type config: dict
 |      :param config: The configurations for creating a secret
 |      
 |      :rtype dict
 |      :return The id of a secret
 |  
 |  delete(self, id: str, **kwargs) -> dict
 |      Delete a secret by id
 |      
 |      :type id: str
 |      :param id: the id of the secret
 |      
 |      :rtype dict
 |      :return the secret
 |  
 |  get(self, id: str) -> dict
 |      Get an secret by id
 |      
 |      :type id: str
 |      :param id: the id of a secret
 |      
 |      :rtype dict
 |      :return the secret
 |  
 |  help_description(

## Secrets management

In [3]:
!primehub admin secrets help

Usage: 
  primehub admin secrets <command>

Manage secrets

Available Commands:
  create               Create a secret
  delete               Delete a secret by id
  get                  Get an secret by id
  list                 List secrets
  update               Update the secret

Options:
  -h, --help           Show the help

Global Options:
  --config CONFIG      Change the path of the config file (Default: ~/.primehub/config.json)
  --endpoint ENDPOINT  Override the GraphQL API endpoint
  --token TOKEN        Override the API Token
  --group GROUP        Override the current group
  --json               Output the json format (output human-friendly format by default)


### Fields for creating or updating

| field | required | type | description |
| --- | --- | --- | --- |
| name | required | string | The name of secret. It is only used when creating. |
| type | required | string | one of ['opaque', 'kubernetes']. `opaque` is used for Git Sync secrets (SSH Public Key). `kubernetes` is used for Container Registry. |
| displayName | optional | string | |

* `type` can not be changed after created.

Fields for  `opaque`

| field | required | type | description |
| --- | --- | --- | --- |
| secret | conditional | string | when type is opaque, secret field become required for the SSH Public Key. |

Fields for  `kubernetes`

You should put container registry credentials to these fields:

| field | required | type | description |
| --- | --- | --- | --- |
| registryHost | conditional | string |  |
| username | conditional | string | |
| password | conditional | string | |


## Examples

You could find [more examples on our github](https://github.com/InfuseAI/primehub-python-sdk/blob/main/docs/CLI/admin/secrets.md).

In [4]:
import pandas as pd

#### CRUD: primehub secrets

In [5]:
# Create an secrets
config = {
  'name': 'create-secret-by-sdk',
  "type": 'opaque',
  "secret": 'keep it secret'
}

data = ph.admin.secrets.create(config)

In [6]:
# List secrets
secrets_df = pd.DataFrame(ph.admin.secrets.list())
secrets_df[secrets_df['name'] == config['name']]

Unnamed: 0,id,name,displayName,type,registryHost,username
0,gitsync-secret-create-secret-by-sdk,create-secret-by-sdk,create-secret-by-sdk,opaque,,


In [7]:
# Get the secret details
ph.admin.secrets.get(data['id'])

{'id': 'gitsync-secret-create-secret-by-sdk',
 'name': 'create-secret-by-sdk',
 'displayName': 'create-secret-by-sdk',
 'type': 'opaque'}

In [8]:
# Update the secret config setting.
update_config = {'displayName': 'gitsync-sdk-test'}
data = ph.admin.secrets.update(data['id'], update_config)
ph.admin.secrets.get(data['id'])

{'id': 'gitsync-secret-create-secret-by-sdk',
 'name': 'create-secret-by-sdk',
 'displayName': 'gitsync-sdk-test',
 'type': 'opaque'}

In [9]:
# Delete the secret
ph.admin.secrets.delete(data['id'])

{'id': 'gitsync-secret-create-secret-by-sdk'}