> ## Documentation Index > Fetch the complete documentation index at: https://ona.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # File secrets File secrets mount sensitive data as files in your environment. They're created automatically when your environment starts, so applications (and agents) can read them like any other file. ## When to use file secrets Use file secrets for: * **Certificates and keys** - TLS certificates, SSH keys, service account credentials * **Config files** - JSON configurations, kubeconfig, cloud provider configs * **Multi-line content** - Anything that doesn't fit in an environment variable Agents often need file secrets for SSH keys (Git operations), service account JSON files (cloud access), or config files that MCP servers expect at specific paths. ## Create a file secret 1. Navigate to **Project → Secrets** or **Settings → Secrets** 2. Click **New Secret**, then choose **File** from the **Secret type** dropdown 3. Configure: * **Name**: Identifier for the secret * **Secret**: File contents (max 10KB) * **File Location**: Where the file appears in your environment (e.g., `/home/gitpod/.ssh/id_rsa`) New secret dialog with File type showing name, secret, and file location fields The file location cannot be changed after creation. ## Access the file The file is automatically available at your specified path: ```bash theme={null} cat /home/gitpod/.config/gcloud/application_default_credentials.json ``` No special code needed. Read it like any file. ## Update a file secret 1. Navigate to **Project → Secrets** or **Settings → Secrets** 2. Click **Edit**, update the value, click **Update** Updated content is automatically propagated to running environments (within 2 minutes). The file at the mount path is updated in place.