---
title: Secret store secret
summary: A secret within a secret store. Learn more about secret stores.
url: https://www.fastly.com/documentation/reference/api/services/resources/secret-store-secret
---
A secret within a secret store. Learn more about secret stores.
## Data model
| Field | Type | Description |
|-------|------|-------------|
| `client_key` | string | The Base64-encoded string containing the client key used to encrypt the secret, if applicable. |
| `name` | string | A human-readable name for the secret. The value must contain only letters, numbers, dashes (-), underscores (_), and periods (.). |
| `secret` | string | A Base64-encoded string containing either the secret or the encrypted secret (when using client_key). The maximum secret size (before Base64 encoding and optional local encryption) is 64KB. |
| `created_at` | string | Date and time in ISO 8601 format. (Read-only) |
| `digest` | string | An opaque identifier of the plaintext secret value. This can be used to determine if a secret value has changed. (Read-only) |
| `recreated` | boolean | True if the secret replaced a secret with the same name. |
## API endpoints
### List secrets within a store
**GET** `/resources/stores/secret/{store_id}/secrets`
List all secrets within a store.
**Parameters:**
| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `cursor` | string | query | No | Cursor value from the next_cursor field of a previous response, used to retrieve the next page. To request the first page, this should be empty. |
| `limit` | string | query | No | Number of results per page. The maximum is 200. |
| `store_id` | string | path | Yes | UUID of the store. |
### Create or recreate a secret in a store
**PUT** `/resources/stores/secret/{store_id}/secrets`
Create or recreate a secret based on the secret's name.
The response object's recreated field will be true if the secret was recreated.
The secret field must be Base64-encoded because a secret can contain binary data.
In the example below, the unencoded secret is "Hello, world!".
**Parameters:**
| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `store_id` | string | path | Yes | UUID of the store. |
### Create a new secret in a store
**POST** `/resources/stores/secret/{store_id}/secrets`
Create a new secret in a store.
Returns an error if a secret already exists with the same name.
See PUT and PATCH methods for ways to recreate an existing secret.
The secret field must be Base64-encoded because a secret can contain binary data.
In the example below, the unencoded secret is "Hello, world!".
**Parameters:**
| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `store_id` | string | path | Yes | UUID of the store. |
### Recreate a secret in a store
**PATCH** `/resources/stores/secret/{store_id}/secrets`
Recreate a secret based on the secret's name.
Returns an error if there is no existing secret with the same name.
The secret field must be Base64-encoded because a secret can contain binary data.
In the example below, the unencoded secret is "Hello, world!".
**Parameters:**
| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `store_id` | string | path | Yes | UUID of the store. |
### Get secret metadata
**GET** `/resources/stores/secret/{store_id}/secrets/{secret_name}`
Get metadata about a secret by name.
**Parameters:**
| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `secret_name` | string | path | Yes | Named identifier for the new secret store value. |
| `store_id` | string | path | Yes | UUID of the store. |
### Delete a secret from a store
**DELETE** `/resources/stores/secret/{store_id}/secrets/{secret_name}`
Delete a secret from a store by name.
**Parameters:**
| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `secret_name` | string | path | Yes | Named identifier for the new secret store value. |
| `store_id` | string | path | Yes | UUID of the store. |