Secrets API
Secrets are stored as Kubernetes Secrets in friend namespaces. The portal API provides CRUD operations, and the admin/agent API provides listing.
Portal Endpoints (Friend Session)
Section titled “Portal Endpoints (Friend Session)”List Secrets
Section titled “List Secrets” GET /api/portal/secrets friend
List all secrets in the friend's namespace.
Response:
[ {"name": "openai-key", "type": "Opaque", "keys": ["OPENAI_API_KEY"]}, {"name": "github-token", "type": "Opaque", "keys": ["GITHUB_TOKEN"]}]Get Secret
Section titled “Get Secret” GET /api/portal/secrets/:name friend
Read a specific secret's data (base64-decoded values).
Response:
{ "name": "openai-key", "data": { "OPENAI_API_KEY": "sk-..." }}Create Secret
Section titled “Create Secret” POST /api/portal/secrets friend
Create a new secret in the friend's namespace.
Body:
{ "name": "openai-key", "data": { "OPENAI_API_KEY": "sk-..." }}Returns 409 if the secret already exists.
Update Secret
Section titled “Update Secret” PUT /api/portal/secrets/:name friend
Replace a secret's data (delete + recreate).
Body:
{ "data": { "OPENAI_API_KEY": "sk-new-key..." }}Delete Secret
Section titled “Delete Secret” DELETE /api/portal/secrets/:name friend
Delete a secret from the friend's namespace.
Admin/Agent Endpoints
Section titled “Admin/Agent Endpoints”List Friend Secrets
Section titled “List Friend Secrets” GET /api/friends/:id/secrets admin
List secrets in a friend's namespace (admin view).