TaskCluster Secrets API Documentation


BaseUrl
https://secrets.taskcluster.net/v1

The secrets service provides a simple key/value store for small bits of secret data. Access is limited by scopes, so values can be considered secret from those who do not have the relevant scopes.

Secrets also have an expiration date, and once a secret has expired it can no longer be read. This is useful for short-term secrets such as a temporary service credential or a one-time signing key.

Functions

Using the APIs
Signature                                    Summary
set(name, payload) : void                    Set Secret
remove(name) : void                          Delete Secret
get(name) : result                           Read Secret
list({continuationToken, limit}) : result    List Secrets
ping() : void                                Ping Server

Set Secret

Method
put
Route
/secret/<name>
Scopes
secrets:set:<name>
Signature
set(name, payload) : void
Stability
stable

Set the secret associated with some key. If the secret already exists, it is updated instead.

Request Payload

Secret (source)

Message containing a TaskCluster Secret

secret: Object of Anything ¯\_(ツ)_/¯

The secret value to be encrypted.

expires: string (date-time)

An expiration date for this secret.



Delete Secret

Method
delete
Route
/secret/<name>
Scopes
secrets:set:<name>
Signature
remove(name) : void
Stability
stable

Delete the secret associated with some key.



Read Secret

Method
get
Route
/secret/<name>
Scopes
secrets:get:<name>
Signature
get(name) : result
Stability
stable

Read the secret associated with some key. If the secret has recently expired, the response code 410 is returned. If the caller lacks the scope necessary to get the secret, the call will fail with a 403 code regardless of whether the secret exists.

Response

Secret (source)

Message containing a TaskCluster Secret

secret: Object of Anything ¯\_(ツ)_/¯

The secret value to be encrypted.

expires: string (date-time)

An expiration date for this secret.



List Secrets

Method
get
Route
/secrets
Signature
list({continuationToken, limit}) : result
Stability
stable

List the names of all secrets.

By default this endpoint will try to return up to 1000 secret names in one request, but it may return fewer, even if more secrets are available. It may also return a continuationToken even though there are no more results. You can only be sure you have seen all results if you keep calling list with the last continuationToken until you get a result without a continuationToken.

If you are not interested in listing all the secrets at once, you may use the query-string option limit to return fewer.

Response

Secrets List (source)

Message containing a list of secret names

secrets: Array of

Secret names

Secret: string

Secret name

continuationToken: string

Opaque continuationToken to be given as a query-string option to get the next set of results. This property is only present if another request is necessary to fetch all results. In practice, the next request with a continuationToken may not return additional results, but it can. Thus, you can only be sure to have all the results if you have kept calling with the continuationToken until you get a result without a continuationToken.
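The pagination rule described for List Secrets and for continuationToken, as an added example (not code from the Taskcluster project or its client libraries). It assumes a callable that takes the documented continuationToken and limit options as keyword arguments and returns the documented response as a dict; list_all_secrets, FakeSecretsService and the sample secret names are hypothetical and constructed for illustration.

```python
from typing import Callable, Dict, List, Optional


def list_all_secrets(list_page: Callable[..., Dict], limit: Optional[int] = None,
                     max_pages: int = 10_000) -> List[str]:
    """Collect every secret name by following continuationToken to the end."""
    names: List[str] = []
    token: Optional[str] = None
    for _ in range(max_pages):
        query = {}
        if limit is not None:
            query["limit"] = limit
        if token is not None:
            query["continuationToken"] = token
        result = list_page(**query)
        secrets = result.get("secrets")
        if not isinstance(secrets, list):
            raise ValueError("malformed list response: no 'secrets' array")
        names.extend(secrets)
        # A short or empty page is not the end; only a missing token is.
        token = result.get("continuationToken")
        if not token:
            return names
    # Fail loudly rather than return a partial list that looks complete.
    raise RuntimeError(f"stopped after {max_pages} pages; listing is incomplete")


class FakeSecretsService:
    """Constructed stand-in for the service so the example runs offline."""
    def __init__(self, pages: List[List[str]]):
        self.pages = pages
        self.calls: List[Dict] = []

    def list(self, continuationToken=None, limit=None) -> Dict:
        self.calls.append({"continuationToken": continuationToken, "limit": limit})
        index = 0 if continuationToken is None else int(continuationToken)
        body: Dict = {"secrets": self.pages[index]}
        if index + 1 < len(self.pages):
            body["continuationToken"] = str(index + 1)  # opaque to the caller
        return body


# Constructed sample: an empty page that still carries a token, and a final
# empty page without one (both cases the documentation warns about).
SAMPLE_PAGES = [["project/a/deploy-key", "project/a/api-token"], [],
                ["project/b/signing-key"], []]

if __name__ == "__main__":
    print(list_all_secrets(FakeSecretsService(SAMPLE_PAGES).list, limit=2))
```

An audit that stops at the first empty page would miss project/b/signing-key in this sample, which is why the loop keys only on the absence of the token.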



Ping Server

Method
get
Route
/ping
Signature
ping() : void
Stability
stable

Respond without doing anything. This endpoint is used to check that the service is up.