
Manage secrets

The OpenFaaS CLI allows you to create, update, list and delete secrets using faas-cli instead of Docker or Kubernetes command line tools.

This keeps secret handling simple for your functions and provides a layer of abstraction, since the same commands work on both Kubernetes and Docker Swarm.


To create a secret from stdin, you can run:

faas-cli secret create secret-name
Or pipe the value in instead:
echo -n 04385e5c413c10ed68afb010ebe8c5dd706aa20a | faas-cli secret create secret-name
cat ~/Downloads/derek.pem | faas-cli secret create secret-name

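To pass the value as a literal, use --from-literal. Command-line arguments are recorded in shell history and visible in the process list, so prefer stdin or a file for sensitive values.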

faas-cli secret create secret-name --from-literal="04385e5c413c10ed68afb010ebe8c5dd706aa20a"

To create it from file use:

faas-cli secret create secret-name --from-file="$HOME/Downloads/derek.pem"

Pass the --gateway flag to create the secret on a specific OpenFaaS instance.


To update an existing secret, the same input options apply. From stdin:

faas-cli secret update secret-name
echo -n 04385e5c413c10ed68afb010ebe8c5dd706aa20a | faas-cli secret update secret-name
cat ~/Downloads/derek.pem | faas-cli secret update secret-name

From literal:

faas-cli secret update secret-name --from-literal="04385e5c413c10ed68afb010ebe8c5dd706aa20a"

From file:

faas-cli secret update secret-name --from-file="$HOME/Downloads/derek.pem"
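
As an added example (not taken from the OpenFaaS documentation), the shell helper below combines the stdin forms of create and update so that a secret value never appears on the command line. The names FAAS_CLI, gen_secret, put_secret and rotate_secret are hypothetical, and the fallback assumes faas-cli exits non-zero when create fails because the secret already exists.

```shell
#!/bin/sh
# Added example: store OpenFaaS secrets via stdin only.
# FAAS_CLI is a hypothetical override (not a faas-cli feature) so the
# helper can be pointed at a different binary or a test stub.
FAAS_CLI="${FAAS_CLI:-faas-cli}"

# gen_secret: print 40 hex characters (20 random bytes), no trailing newline.
gen_secret() {
    od -An -N20 -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# put_secret NAME: read the value from stdin and store it under NAME.
# Tries "secret create" first and falls back to "secret update".
# Assumption: faas-cli exits non-zero when the secret already exists.
put_secret() {
    name="$1"
    [ -n "$name" ] || { echo "usage: put_secret NAME < value" >&2; return 2; }
    # Buffer stdin so it can be sent a second time; $(...) strips trailing newlines.
    value=$(cat)
    [ -n "$value" ] || { echo "refusing to store an empty secret" >&2; return 1; }
    # printf is a shell builtin, so the value is piped and never placed in argv.
    if printf '%s' "$value" | "$FAAS_CLI" secret create "$name" >/dev/null 2>&1; then
        echo created
    elif printf '%s' "$value" | "$FAAS_CLI" secret update "$name" >/dev/null; then
        echo updated
    else
        echo "could not create or update secret $name" >&2
        return 1
    fi
}

# rotate_secret NAME: generate a fresh random value and store it.
rotate_secret() {
    gen_secret | put_secret "$1"
}
```

After sourcing the file, `put_secret secret-name < "$HOME/Downloads/derek.pem"` stores a file's contents and `rotate_secret secret-name` replaces the value with a new random one.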


To list secrets for an OpenFaaS instance use:

faas-cli secret list --gateway
faas-cli secret ls --gateway
If you have set $OPENFAAS_URL, you can omit the --gateway flag:
faas-cli secret ls

This will output:



You can delete secrets with:

faas-cli secret remove secret-name
faas-cli secret remove secret-name --gateway=