Skip to content


In DataOS, Secrets are Resources designed for the secure storage of sensitive information, including usernames, passwords, certificates, tokens, or keys within the confines of a specific DataOS Workspace.

To mitigate the risk of exposing confidential data, Secrets in DataOS separate sensitive information from application code or configuration files. This practice minimizes the chance of accidental exposure during resource management phases like creation, viewing, or editing. By leveraging Secrets, data developers safeguard sensitive information, thus reducing security vulnerabilities in their data workflows.

Operators can exercise precise control over who can retrieve credentials from Secrets, if in your organisation any data developer need access to secrets you can assign them a 'read secret' use case using Bifrost.

First Steps

Secret Resource in DataOS can be created by applying the manifest file using the DataOS CLI. To learn more about this process, navigate to the link: First steps.


Secret can be configured to secure the credentials infromation in the form of key value pairs. For a detailed breakdown of the configuration options and attributes, please refer to the documentation: Attributes of Secret manifest.


Below are some recipes to help you configure and utilize Secret effectively:

How to refer Secret in other DataOS Resources?

How to set up secrets to pull images from a private container registry for Docker credentials?