Documentation | Secrets

Secrets

SecretsResource

Methods

client.secrets.create() ->

Deprecated

post/v5/sgp/secrets

Create an account-level secret.

The secret value is stored in the cloud provider's secret store. SGP only stores metadata (key name, description, audit info). The value is never returned by any API. Returns 409 if a secret with the same key already exists.

Parameters

key: str

(maxLength: 90, minLength: 1)

Secret name (e.g. openai-api-key). Must be lowercase alphanumeric with hyphens (no dots or underscores), so it maps 1:1 to a valid secret name on every cloud backend (AWS / Azure Key Vault / GCP Secret Manager).

value: str

(minLength: 1)

The secret value to store

description: Optional[str]

Optional human-readable description

Returns

CloudSecret

id: str

account_id: str

cloud_secret_path: str

created_at:

datetime

(format: date-time)

created_by:

Identity

The identity that created the entity.

key: str

description: Optional[str]

object: Optional[Literal["sgp_cloud_secret"]]

(default: "sgp_cloud_secret")

updated_at: Optional[datetime]

(format: date-time)

Timestamp of last update.

updated_by: Optional[str]

User who last updated the secret.

Request example

import os
from scale_gp_beta import SGPClient

client = SGPClient(
    api_key=os.environ.get("SGP_API_KEY"),  # This is the default and can be omitted
)
cloud_secret = client.secrets.create(
    key="key",
    value="x",
)
print(cloud_secret.id)

200Example

{
  "id": "id",
  "account_id": "account_id",
  "cloud_secret_path": "cloud_secret_path",
  "created_at": "2019-12-27T18:11:19.117Z",
  "created_by": {
    "id": "id",
    "type": "user",
    "object": "identity"
  },
  "key": "key",
  "description": "description",
  "object": "sgp_cloud_secret",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "updated_by": "updated_by"
}

client.secrets.list() -> SyncCursorPage[

CloudSecret

]

Deprecated

get/v5/sgp/secrets

List secret metadata for the account. Values are never returned.

client.secrets.retrieve() ->

CloudSecret

Deprecated

get/v5/sgp/secrets/{secret_id}

Get a single secret's metadata by ID. The value is never returned.

client.secrets.update(, ) ->

CloudSecret

Deprecated

patch/v5/sgp/secrets/{secret_id}

Update an existing secret's description and/or value.

If value is provided, the cloud provider secret is updated. The secret value is never returned by any API.

client.secrets.delete()

Deprecated

delete/v5/sgp/secrets/{secret_id}

Delete a secret from both the cloud provider and SGP metadata.

Domain types

class CloudSecret: ...

API response model for a secret. Never includes the secret value.