Skip to main content
POST
/
application
/
{applicationId}
/
secret
Add a secret to the application
curl --request POST \
  --url https://api.qovery.com/application/{applicationId}/secret \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "key": "<string>",
  "value": "<string>",
  "mount_path": null,
  "description": "<string>",
  "enable_interpolation_in_file": true
}
'
{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "created_at": "2023-11-07T05:31:56Z",
  "key": "<string>",
  "updated_at": "2023-11-07T05:31:56Z",
  "overridden_secret": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "key": "<string>",
    "mount_path": "<string>",
    "description": "<string>",
    "enable_interpolation_in_file": true
  },
  "aliased_secret": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "key": "QOVERY_DATABASE_PSQL_NAME",
    "mount_path": "<string>",
    "description": "<string>",
    "enable_interpolation_in_file": true
  },
  "service_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "service_name": "<string>",
  "owned_by": "<string>",
  "description": "<string>",
  "enable_interpolation_in_file": true
}

Authorizations

Authorization
string
header
required

JWT tokens should be used with OIDC account (human to machine). JWT tokens used by the Qovery console to communicate with the API have a TTL. Curl Example ' curl https://console.qovery.com/organization -H "Authorization: Bearer $qovery_token" '

Path Parameters

applicationId
string<uuid>
required

Application ID

Body

application/json
key
string
required

key is case sensitive

value
string

value of the secret. Clear value will never be returned

mount_path
string | null

should be set for file only. variable mount path make secret a file (where file should be mounted).

description
string | null

optional variable description (255 character maximum)

Maximum string length: 255
enable_interpolation_in_file
boolean | null

Response

Add a secret

id
string<uuid>
required
read-only
created_at
string<date-time>
required
read-only
key
string
required

key is case sensitive

scope
enum<string>
required
Available options:
APPLICATION,
BUILT_IN,
ENVIRONMENT,
PROJECT,
CONTAINER,
JOB,
HELM,
TERRAFORM
updated_at
string<date-time>
read-only
overridden_secret
object
aliased_secret
object
variable_type
enum<string>

type of the environment variable (VALUE, FILE, ALIAS, OVERRIDE, BUIT_IN, EXTERNAL_SECRET)

Available options:
VALUE,
ALIAS,
OVERRIDE,
BUILT_IN,
FILE,
EXTERNAL_SECRET
service_id
string<uuid>
service_name
string
service_type
enum<string>

type of the service (application, database, job, gateway...)

Available options:
APPLICATION,
CONTAINER,
DATABASE,
JOB,
HELM,
TERRAFORM
owned_by
string

Entity that created/own the variable (i.e: Qovery, Doppler)

description
string | null

optional variable description (255 characters maximum)

Maximum string length: 255
enable_interpolation_in_file
boolean | null