Secrets - Administration

Saved Secrets list

The page opens on the Saved Secrets table, which lists every secret you have permission to see. The table shows these columns:

Secret Name – the name you gave the secret.
Filename – the optional filename associated with the secret (for example id_rsa.pub, server.crt). Shows - when blank.
Secret Type – one of the supported types described below.
Secret Subtype – the type-specific subtype (for example the API provider, database engine, key type, or certificate type).
Created Datetime – when the secret was created, shown in your local time.
Actions – per-row buttons to view and edit the secret.

The table supports pagination, adjustable rows-per-page, and column visibility. Use the column-visibility button above the table to hide or show columns and to reset back to the defaults. Each row also has a checkbox for selecting one or more secrets to delete.

The secret value is never displayed in this table. Only metadata is shown.

Secret types and subtypes

Each secret has a type, and most types also require a subtype. The supported types are:

API Keys – subtype is the API provider (for example Github, Salesforce).
Database Credentials – subtype is the database engine (mysql, Oracle, PostgreSQL, Microsoft SQL Server, sqlite3).
SSH Key – subtype is the key type (Public, Private, CA).
SSL Certificate – subtype is the certificate type (Root Certificate, Intermediate Certificate, Chain Certificate, Key File, Issued Certificate).

When a type requires a subtype, the Add/Edit dialog shows a required selector for it, and the secret cannot be saved until a valid subtype is chosen.

Adding a secret

Click Add Secret below the table to open the Add Secret dialog. The dialog has these fields:

Secret Name – required. The display name for the secret.
Filename – optional. An associated filename, for example id_rsa.pub, server.crt, or database.conf.
Secret Type – choose one of the supported types.
Secret Content – required. Paste the secret value here. This is a multi-line field.
Subtype selector – required for types that use a subtype. Its label changes with the selected type (API Provider, Database Engine, Key Type, or Certificate Type).

Click Save to store the secret, or Cancel to discard. Saving fails with an error message if the name or content is empty, or if a required subtype is not selected.

Viewing a secret

Click the view (eye) button on a row to open the view dialog. It shows the secret's metadata: secret type, filename (when set), subtype (when set), created-at, and updated-at timestamps.

For security, the secret value itself is not revealed in this dialog. The content area displays a placeholder indicating that the content is hidden.

Editing a secret

Click the edit (pencil) button on a row to open the Edit Secret dialog. The name, filename, type, and subtype are pre-filled from the existing secret.

The content field is not pre-filled, for security. In edit mode it is labeled Replace existing secret: enter new content to replace the stored value. Click Update to save your changes.

Deleting secrets

Select one or more rows using the checkboxes, then click Delete Selected. A confirmation dialog appears before anything is removed; confirm to delete or cancel to keep the secrets. You can delete a single secret or several at once.

Permissions

Actions on this page are gated by role-based access control. The relevant permissions are:

Add Secret – required to see the Add Secret button.
Edit Secret – required to see the per-row edit button.
Delete Secret – required to see the Delete Selected button.

Viewing the list and opening the view dialog do not require these permissions; the create, edit, and delete controls are hidden when you lack the matching permission.

Related pages

Vault status, including OpenBAO seal/unseal state, lives on the Settings page under Integrations, not on this page.
The Secrets Engine internals, including key rotation and OpenBAO storage, are documented under Professional+ Secrets.