API Reference

Secrets

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

CreateSecret

client.Secrets.New(ctx, body) (*SecretNewResponse, error)

POST/gitpod.v1.SecretService/CreateSecret

Creates a new secret for a project.

Use this method to:

• Store sensitive configuration values
• Set up environment variables
• Configure registry authentication
• Add file-based secrets

Examples

• Create environment variable:

  Creates a secret that will be available as an environment variable.

  name: "DATABASE_URL"
  projectId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  value: "postgresql://user:pass@localhost:5432/db"
  environmentVariable: true

• Create file secret:

  Creates a secret that will be mounted as a file.

  name: "SSH_KEY"
  projectId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  value: "-----BEGIN RSA PRIVATE KEY-----\n..."
  filePath: "/home/gitpod/.ssh/id_rsa"

• Create registry auth:

  Creates credentials for private container registry.

  name: "DOCKER_AUTH"
  projectId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  value: "username:password"
  containerRegistryBasicAuthHost: "https://registry.example.com"

ParametersExpand Collapse

body SecretNewParams

APIOnly param.Field[bool]Optional

api_only indicates the secret is only available via API/CLI. These secrets are NOT automatically injected into services or devcontainers. Useful for secrets that should only be consumed programmatically (e.g., by security agents).

ContainerRegistryBasicAuthHost param.Field[string]Optional

secret will be mounted as a docker config in the environment VM, mount will have the docker registry host

EnvironmentVariable param.Field[bool]Optional

secret will be created as an Environment Variable with the same name as the secret

FilePath param.Field[string]Optional

absolute path to the file where the secret is mounted value must be an absolute path (e.g. /path/to/file):

this.matches('^/[^/].*$')

Name param.Field[string]Optional

maxLength127

minLength3

DeprecatedProjectID param.Field[string]Optional

project_id is the ProjectID this Secret belongs to Deprecated: use scope instead

Scope param.Field[SecretScope]Optional

scope is the scope of the secret

Value param.Field[string]Optional

value is the plaintext value of the secret

maxLength10240

minLength1

ReturnsExpand Collapse

type SecretNewResponse struct{…}

Secret SecretOptional

ID stringOptional

formatuuid

APIOnly boolOptional

api_only indicates the secret is only available via API/CLI

ContainerRegistryBasicAuthHost stringOptional

secret will be mounted as a registry secret

formaturi

CreatedAt TimeOptional

A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one.

All minutes are 60 seconds long. Leap seconds are “smeared” so that no leap second table is needed for interpretation, using a 24-hour linear smear.

The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from RFC 3339 date strings.

Examples

Example 1: Compute Timestamp from POSIX time().

 Timestamp timestamp;
 timestamp.set_seconds(time(NULL));
 timestamp.set_nanos(0);

Example 2: Compute Timestamp from POSIX gettimeofday().

 struct timeval tv;
 gettimeofday(&tv, NULL);

 Timestamp timestamp;
 timestamp.set_seconds(tv.tv_sec);
 timestamp.set_nanos(tv.tv_usec * 1000);

Example 3: Compute Timestamp from Win32 GetSystemTimeAsFileTime().

 FILETIME ft;
 GetSystemTimeAsFileTime(&ft);
 UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;

 // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z
 // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.
 Timestamp timestamp;
 timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
 timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));

Example 4: Compute Timestamp from Java System.currentTimeMillis().

 long millis = System.currentTimeMillis();

 Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)
     .setNanos((int) ((millis % 1000) * 1000000)).build();

Example 5: Compute Timestamp from Java Instant.now().

 Instant now = Instant.now();

 Timestamp timestamp =
     Timestamp.newBuilder().setSeconds(now.getEpochSecond())
         .setNanos(now.getNano()).build();

Example 6: Compute Timestamp from current time in Python.

 timestamp = Timestamp()
 timestamp.GetCurrentTime()

JSON Mapping

In JSON format, the Timestamp type is encoded as a string in the RFC 3339 format. That is, the format is “{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z” where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The “Z” suffix indicates the timezone (“UTC”); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by “Z”) when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset).

For example, “2017-01-15T01:30:15.01Z” encodes 15.01 seconds past 01:30 UTC on January 15, 2017.

In JavaScript, one can convert a Date object to this format using the standard toISOString() method. In Python, a standard datetime.datetime object can be converted to this format using strftime with the time format spec ‘%Y-%m-%dT%H:%M:%S.%fZ’. Likewise, in Java, one can use the Joda Time’s ISODateTimeFormat.dateTime() to obtain a formatter capable of generating timestamps in this format.

formatdate-time

Creator SubjectOptional

creator is the identity of the creator of the secret

ID stringOptional

id is the UUID of the subject

formatuuid

Principal PrincipalOptional

Principal is the principal of the subject

One of the following:

const PrincipalUnspecified Principal = "PRINCIPAL_UNSPECIFIED"

const PrincipalAccount Principal = "PRINCIPAL_ACCOUNT"

const PrincipalUser Principal = "PRINCIPAL_USER"

const PrincipalRunner Principal = "PRINCIPAL_RUNNER"

const PrincipalEnvironment Principal = "PRINCIPAL_ENVIRONMENT"

const PrincipalServiceAccount Principal = "PRINCIPAL_SERVICE_ACCOUNT"

const PrincipalRunnerManager Principal = "PRINCIPAL_RUNNER_MANAGER"

EnvironmentVariable boolOptional

secret will be created as an Environment Variable with the same name as the secret

FilePath stringOptional

absolute path to the file where the secret is mounted

Name stringOptional

Name of the secret for humans.

DeprecatedProjectID stringOptional

The Project ID this Secret belongs to Deprecated: use scope instead

formatuuid

Scope SecretScopeOptional

OrganizationID stringOptional

organization_id is the Organization ID this Secret belongs to

formatuuid

ProjectID stringOptional

project_id is the Project ID this Secret belongs to

formatuuid

ServiceAccountID stringOptional

service_account_id is the Service Account ID this Secret belongs to

formatuuid

UserID stringOptional

user_id is the User ID this Secret belongs to

formatuuid

UpdatedAt TimeOptional

A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one.

All minutes are 60 seconds long. Leap seconds are “smeared” so that no leap second table is needed for interpretation, using a 24-hour linear smear.

The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from RFC 3339 date strings.

Examples

Example 1: Compute Timestamp from POSIX time().

 Timestamp timestamp;
 timestamp.set_seconds(time(NULL));
 timestamp.set_nanos(0);

Example 2: Compute Timestamp from POSIX gettimeofday().

 struct timeval tv;
 gettimeofday(&tv, NULL);

 Timestamp timestamp;
 timestamp.set_seconds(tv.tv_sec);
 timestamp.set_nanos(tv.tv_usec * 1000);

Example 3: Compute Timestamp from Win32 GetSystemTimeAsFileTime().

 FILETIME ft;
 GetSystemTimeAsFileTime(&ft);
 UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;

 // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z
 // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.
 Timestamp timestamp;
 timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
 timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));

Example 4: Compute Timestamp from Java System.currentTimeMillis().

 long millis = System.currentTimeMillis();

 Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)
     .setNanos((int) ((millis % 1000) * 1000000)).build();

Example 5: Compute Timestamp from Java Instant.now().

 Instant now = Instant.now();

 Timestamp timestamp =
     Timestamp.newBuilder().setSeconds(now.getEpochSecond())
         .setNanos(now.getNano()).build();

Example 6: Compute Timestamp from current time in Python.

 timestamp = Timestamp()
 timestamp.GetCurrentTime()

JSON Mapping

In JSON format, the Timestamp type is encoded as a string in the RFC 3339 format. That is, the format is “{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z” where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The “Z” suffix indicates the timezone (“UTC”); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by “Z”) when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset).

For example, “2017-01-15T01:30:15.01Z” encodes 15.01 seconds past 01:30 UTC on January 15, 2017.

In JavaScript, one can convert a Date object to this format using the standard toISOString() method. In Python, a standard datetime.datetime object can be converted to this format using strftime with the time format spec ‘%Y-%m-%dT%H:%M:%S.%fZ’. Likewise, in Java, one can use the Joda Time’s ISODateTimeFormat.dateTime() to obtain a formatter capable of generating timestamps in this format.

formatdate-time

CreateSecret

Go

HTTP

TypeScript

Python

Go

package main

import (
  "context"
  "fmt"

  "github.com/gitpod-io/gitpod-sdk-go"
  "github.com/gitpod-io/gitpod-sdk-go/option"
)

func main() {
  client := gitpod.NewClient(
    option.WithBearerToken("My Bearer Token"),
  )
  secret, err := client.Secrets.New(context.TODO(), gitpod.SecretNewParams{
    EnvironmentVariable: gitpod.F(true),
    Name: gitpod.F("DATABASE_URL"),
    ProjectID: gitpod.F("b0e12f6c-4c67-429d-a4a6-d9838b5da047"),
    Value: gitpod.F("postgresql://user:pass@localhost:5432/db"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", secret.Secret)
}

200 example

{
  "secret": {
    "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "apiOnly": true,
    "containerRegistryBasicAuthHost": "https://example.com",
    "createdAt": "2019-12-27T18:11:19.117Z",
    "creator": {
      "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "principal": "PRINCIPAL_UNSPECIFIED"
    },
    "environmentVariable": true,
    "filePath": "filePath",
    "name": "name",
    "projectId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "scope": {
      "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "projectId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "serviceAccountId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "userId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"
    },
    "updatedAt": "2019-12-27T18:11:19.117Z"
  }
}

Returns Examples

200 example

{
  "secret": {
    "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "apiOnly": true,
    "containerRegistryBasicAuthHost": "https://example.com",
    "createdAt": "2019-12-27T18:11:19.117Z",
    "creator": {
      "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "principal": "PRINCIPAL_UNSPECIFIED"
    },
    "environmentVariable": true,
    "filePath": "filePath",
    "name": "name",
    "projectId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "scope": {
      "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "projectId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "serviceAccountId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "userId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"
    },
    "updatedAt": "2019-12-27T18:11:19.117Z"
  }
}