> For the complete documentation index, see [llms.txt](https://v2.dataos.info/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://v2.dataos.info/concepts/resources/secret/manifest-configuration.md).

# Manifest configurations

## Structure of a Secret manifest file

```yaml
name: ${{secret-name}}
version: v2alpha
type: secret
tags:
  - ${{tag-1}}
  - ${{tag-2}}
description: ${{secret-description}}
owner: ${{owner-id}}
secret:
  type: key-value
  data:
    username: ${{username}}
    password: ${{password}}  
  files:
    gcp_json_key: ${{json-file-path}}
```

## Configuration

### Resource meta section

This section is the header of the manifest file. It defines the overall characteristics of the Secret Resource you want to create, using attributes common to all Resource types in DataOS. DataOS uses these attributes to identify, categorize, and manage Resources.

#### `name`

**Description:** A unique name for this Secret Resource. This name is used to identify and reference the Secret in DataOS.

<table data-header-hidden><thead><tr><th width="132"></th><th width="169"></th><th width="137"></th><th></th></tr></thead><tbody><tr><td><strong>Data Type</strong></td><td><strong>Requirement</strong></td><td><strong>Default Value</strong></td><td><strong>Possible Value</strong></td></tr><tr><td>string</td><td>mandatory</td><td>none</td><td><ul><li>must match the RegEx<br><code>[a-z]([-_.a-z0-9]*[a-z0-9])</code></li><li>must be less than 60 characters</li><li>must start with a lowercase letter</li><li>must end with a lowercase letter or digit (for example, <code>test-secret-</code> is invalid; use <code>test-secret</code>)</li></ul></td></tr></tbody></table>

**Example usage:**

```yaml
name: ${{secret-name}}
```

***

#### **`version`** <a href="#version" id="version"></a>

**Description:** API version of the Secret schema. It tells DataOS which manifest structure and validation rules to apply.

| **Data Type** | **Requirement** | **Default Value** | **Possible Value** |
| ------------- | --------------- | ----------------- | ------------------ |
| string        | mandatory       | none              | v2alpha            |

**Example usage:**

```yaml
version: v2alpha
```

***

#### **`type`** <a href="#type" id="type"></a>

**Description:** Resource kind identifier. Set this to `secret` to tell DataOS that this manifest creates a Secret Resource.

| **Data Type** | **Requirement** | **Default Value** | **Possible Value** |
| ------------- | --------------- | ----------------- | ------------------ |
| string        | mandatory       | none              | secret             |

**Example usage:**

```yaml
type: secret
```

***

#### **`description`** <a href="#description" id="description"></a>

**Description:** Human-readable summary of what this Secret is for (for example, which system it connects to and where it is used).

| **Data Type** | **Requirement** | **Default Value** | **Possible Value** |
| ------------- | --------------- | ----------------- | ------------------ |
| string        | optional        | none              | any string         |

**Additional information:** The description can be within quotes or without.

> YAML supports *scalars* such as strings, numbers, booleans, and null. A scalar value can be unquoted, within single quotes (') or double quotes ("). When the scalar contains a special character, the value must be declared within quotes.

**Example usage:**

```yaml
description: ${{secret-description}}
```

***

#### **`owner`** <a href="#owner" id="owner"></a>

**Description:** User ID of the owner responsible for this Secret. Ownership helps with governance, auditability, and operations.

| **Data Type** | **Requirement** | **Default Value**                    | **Possible Value**       |
| ------------- | --------------- | ------------------------------------ | ------------------------ |
| string        | optional        | id of the user applying the Resource | any valid dataos user id |

**Example usage:**

```yaml
owner: ${{owner-id}}
```

***

#### **`layer`** <a href="#layer" id="layer"></a>

**Description:** Deployment layer for the Secret. Use this to define whether the Resource belongs to the `user` or `system` layer.

| **Data Type** | **Requirement** | **Default Value** | **Possible Value** |
| ------------- | --------------- | ----------------- | ------------------ |
| string        | optional        | user              | user/system        |

**Additional information:** The operating system works at two layers: user and system. This is a logical separation to help you understand how the system works.\
**Example usage:**

```yaml
layer: user
```

***

### **Resource-specific section**

This section is specific to Secret Resource configurations.

#### **`secret`** <a href="#resource-type" id="resource-type"></a>

**Description:** Resource-specific configuration block. For Secrets, this block contains how credentials are stored and the actual secret values/files.

<table data-header-hidden><thead><tr><th width="141"></th><th width="147"></th><th width="143"></th><th></th></tr></thead><tbody><tr><td><strong>Data Type</strong></td><td><strong>Requirement</strong></td><td><strong>Default Value</strong></td><td><strong>Possible Value</strong></td></tr><tr><td>mapping</td><td>mandatory</td><td>none</td><td>attributes specific for a particular \&#x3C;resource-type></td></tr></tbody></table>

> Declaring the Resource type (for example `workflow:` followed by a space) creates a *mapping* in YAML. For the key-value pairs inside each mapping, see the page for the relevant DataOS Resource.

**Example usage:**

```yaml
secret:
  type: key-value
  data:
    USERNAME: ${{username}}
    PASSWORD: ${{password}}
```

***

#### **`secret.type`**

**Description:** Storage format for Secret entries. Use `key-value` when credentials are provided as key-value pairs under `secret.data`.

| **Data Type** | **Requirement** | **Default Value** | **Possible Value** |
| ------------- | --------------- | ----------------- | ------------------ |
| string        | mandatory       | none              | key-value          |

**Example usage:**

```yaml
secret:
  type: key-value
```

***

#### **`secret.data`**

**Description:** Key-value entries to be stored securely in the Secret. Each key is a field name (for example, `USERNAME`) and each value is sensitive content (for example, passwords, tokens, or keys). For multi-line values, use YAML block scalars (for example, `|`).

| **Data Type** | **Requirement** | **Default Value** | **Possible Value**              |
| ------------- | --------------- | ----------------- | ------------------------------- |
| mapping       | optional        | none              | source-specific key-value pairs |

**Example usage:**

```yaml
secret:
  type: key-value
  data:
    username: ${{username}}
    password: ${{password}}
```

***

#### **`secret.files`**

**Description:** File-based secret entries to be stored securely in the Secret. Use this when the secret value comes from a file (for example, JSON key files, certificates, or private keys). Each key is the field name to store in the Secret, and each value is the file path to read content from. At least one of `secret.data` or `secret.files` must be provided.

| **Data Type** | **Requirement** | **Default Value** | **Possible Value**                         |
| ------------- | --------------- | ----------------- | ------------------------------------------ |
| mapping       | optional        | none              | key-value pairs where value is a file path |

**Example usage:**

```yaml
secret:
  type: key-value
  files:
    gcp_json_key: ${{json-file-path}}
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://v2.dataos.info/concepts/resources/secret/manifest-configuration.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
