How to create and manage credentials for repositories with Kargo CLI and using declarative Kargo Secret specs
Generic secrets in Kargo can be created using the kargo CLI or managed declaratively using Kargo Secret Specs.
Option 1: Existing CLI Capability
To create repository credentials, you can use the following command:
kargo create credentials my-creds \
--project kargo-helm-prom-stack \
--git \
--repo-url https://github.com/your-gh-repo/kargo-helm-prom-stack \
--username foo \
--password bar
Option 2: Declarative Spec
Secrets can also be created using declarative Kubernetes manifests for GitOps-style management.
apiVersion: v1
data:
adminAccountPasswordHash: $2a$10$wThs/VVwx5Tbygkk5Rzbv.V8hR8JYYmRdBiGjue9pd0YcEXl7.Kn.
kind: Secret
metadata:
labels:
app.kubernetes.io/component: api
app.kubernetes.io/instance: kargo
app.kubernetes.io/name: kargo
name: kargo-secret✅ Ensure the project exists before running the command.
Summary:
-
Secrets can be created using the
kargo create credentialsCLI. -
Declarative management using standard Kubernetes
Secretmanifests is supported. -
This allows teams to choose between interactive and GitOps-based workflows.
References:
https://docs.akuity.io/reference/declarative-specs/kargo-instance-specs/kargo-secret-spec
https://docs.kargo.io/user-guide/security/managing-credentials/