Skip to main content
Manage Docker registry credentials and other secrets.

create_secret

Creates a secret for an organization. The data payload depends on secret_type:
secret_typedata payload
docker_hub{"username": "...", "token": "..."}
depot{"username": "...", "token": "..."}
NVIDIA NIM{"server": "nvcr.io", "username": "$oauthtoken", "password": "..."}
Use environment variables for credentials; do not hardcode secrets. 
import os
from dotenv import load_dotenv
load_dotenv()

from simplismart import SecretCreate, Simplismart

client = Simplismart()

# Docker Hub
secret = client.create_secret(
    SecretCreate(
        name="registry-secret",
        secret_type="docker_hub",
        data={
            "username": os.getenv("SECRET_DOCKERHUB_USERNAME", "your-username"),
            "token": os.getenv("SECRET_DOCKERHUB_TOKEN", "your-token"),
        },
    )
)

# Depot (same data shape as Docker Hub)
# secret = client.create_secret(
#     SecretCreate(name="depot-registry-secret", secret_type="depot", data={...})
# )

# NVIDIA NIM
# secret = client.create_secret(
#     SecretCreate(
#         name="nvidia-secret",
#         secret_type="nvidia_nim",
#         data={"server": "nvcr.io", "username": "$oauthtoken", "password": os.getenv("NVIDIA_OAUTH_TOKEN")},
#     )
# )

SecretCreate

ParameterTypeDescriptionRequired
namestrSecret name (1-255 chars)Yes
secret_typestrSecret type. Options: docker_hub, depot, nvidia_nimYes
datadictSecret data; shape depends on secret_type (see table above)Yes

list_secrets

Lists secrets for an organization. 
secrets = client.list_secrets(org_id="org-uuid")
Expected output — object with data array of secret summaries (no credential values): 
{
  "data": [
    {
      "uuid": "secret-uuid",
      "name": "registry-secret",
      "secret_type": "docker_hub",
      "created_at": "2024-09-12T13:01:55.465292Z",
      "updated_at": "2024-09-12T13:01:55.465316Z",
      "org": "org-uuid"
    }
  ]
}

get_secret

Gets a specific secret by ID. Note: The API may return secret data (e.g. credentials); do not log or expose it. 
secret = client.get_secret(secret_id=os.getenv("SECRET_ID", "secret-uuid"))
print(secret)
Expected output — structure only; actual data payload is sensitive and must not be committed or logged: 
{
  "data": {
    "uuid": "secret-uuid",
    "name": "registry-secret",
    "secret_type": "docker_hub",
    "org_id": "org-uuid",
    "data": "<redacted — do not log or expose>"
  }
}