Get Secret

curl --request GET \
  --url https://api.tusky.io/v2/secrets/{path}

{
  "path": "<string>",
  "data": {},
  "version": 123,
  "managed": true,
  "createdAt": "<string>"
}

GET

secrets

{path}

Get Secret

curl --request GET \
  --url https://api.tusky.io/v2/secrets/{path}

{
  "path": "<string>",
  "data": {},
  "version": 123,
  "managed": true,
  "createdAt": "<string>"
}

Read a secret at the specified path. The encrypted data is fetched from the Seal network and decrypted client-side.

Path Parameters

path

string

required

The path of the secret (e.g., production/database).

Query Parameters

version

number

Specific version to retrieve. Defaults to the latest.

Response

path

string

The secret path.

data

object

Key-value pairs containing the secret data.

version

number

Version number.

managed

boolean

true for Tusky-managed secrets (e.g., environment encryption keys), false for user-created.

createdAt

string

ISO 8601 timestamp.

Example

curl https://api.tusky.io/v2/secrets/production/database \
  -H "Api-Key: YOUR_API_KEY"

Response

{
  "path": "production/database",
  "data": {
    "host": "db.example.com",
    "port": "5432",
    "username": "app_user",
    "password": "s3cur3_p4ssw0rd"
  },
  "version": 1,
  "managed": false,
  "createdAt": "2026-03-06T14:00:00Z"
}

Managed secrets at tusky/environments/{envId}/encryption contain encryption keys for private environments. These are created automatically when an encrypted environment is created and cannot be deleted.

Put Secret

List Secrets

API Reference

Infrastructure

Environments

File Management

Secrets

Authentication

Notifications

Account

Get Secret

Path Parameters

Query Parameters

Response

Example

Response

API Reference

Infrastructure

Environments

File Management

Secrets

Authentication

Notifications

Account

​Path Parameters

​Query Parameters

​Response

​Example

​Response

Path Parameters

Query Parameters

Response

Example

Response