Skip to main content
POST
/
cloud
/
v1
/
secrets
/
{project_id}
/
{region_id}
Create secret
curl --request POST \
  --url https://api.gcore.com/cloud/v1/secrets/{project_id}/{region_id} \
  --header 'Authorization: <api-key>' \
  --header 'Content-Type: application/json' \
  --data '{
  "algorithm": "aes",
  "bit_length": 256,
  "expiration": "2025-12-28T19:14:44.180394",
  "mode": "cbc",
  "name": "AES key",
  "payload": "aGVsbG8sIHRlc3Qgc3RyaW5nCg==",
  "payload_content_encoding": "base64",
  "payload_content_type": "application/octet-stream",
  "secret_type": "certificate"
}'
{
  "tasks": [
    "d478ae29-dedc-4869-82f0-96104425f565"
  ]
}

Authorizations

Authorization
string
header
required

API key for authentication. Make sure to include the word apikey, followed by a single space and then your token. Example: apikey 1234$abcdef

Path Parameters

project_id
integer
required

Project ID

Examples:

1

region_id
integer
required

Region ID

Examples:

1

Body

application/json
name
string
required

Secret name

Examples:

"AES key"

payload
string<password>
required

Secret payload. For HTTPS-terminated load balancing, provide base64 encoded conents of a PKCS12 file. The PKCS12 file is the combined TLS certificate, key, and intermediate certificate chain obtained from an external certificate authority. The file can be created via openssl, e.g.'openssl pkcs12 -export -inkey server.key -in server.crt -certfile ca-chain.crt -passout pass: -out server.p12'The key and certificate should be PEM-encoded, and the intermediate certificate chain should be multiple PEM-encoded certs concatenated together

Examples:

"aGVsbG8sIHRlc3Qgc3RyaW5nCg=="

payload_content_encoding
enum<string>
required

The encoding used for the payload to be able to include it in the JSON request. Currently only base64 is supported

Available options:
base64
payload_content_type
string
required

The media type for the content of the payload

Examples:

"application/octet-stream"

secret_type
enum<string>
required

Secret type. symmetric - Used for storing byte arrays such as keys suitable for symmetric encryption; public - Used for storing the public key of an asymmetric keypair; private - Used for storing the private key of an asymmetric keypair; passphrase - Used for storing plain text passphrases; certificate - Used for storing cryptographic certificates such as X.509 certificates; opaque - Used for backwards compatibility with previous versions of the API

Available options:
certificate,
opaque,
passphrase,
private,
public,
symmetric
algorithm
string | null

Metadata provided by a user or system for informational purposes.

Examples:

"aes"

bit_length
integer | null

Metadata provided by a user or system for informational purposes. Value must be greater than zero.

Required range: x > 0
Examples:

256

expiration
string | null

Datetime when the secret will expire.

Examples:

"2025-12-28T19:14:44.180394"

mode
string | null

Metadata provided by a user or system for informational purposes.

Examples:

"cbc"

Response

200 - application/json

OK

tasks
string[]
required

List of task IDs representing asynchronous operations. Use these IDs to monitor operation progress: * GET /v1/tasks/{task_id} - Check individual task status and details Poll task status until completion (FINISHED/ERROR) before proceeding with dependent operations.

Examples:
["d478ae29-dedc-4869-82f0-96104425f565"]
I