API Reference
Infrastructure
Environments
File Management
Authentication
Notifications
Account
Put Secret
Copy
curl --request PUT \
--url https://api.tusky.io/v2/secrets/{path} \
--header 'Content-Type: application/json' \
--data '{
"data": {}
}'Copy
{
"path": "<string>",
"version": 123,
"managed": true,
"createdAt": "<string>"
}Secrets
Put Secret
PUT
/
v2
/
secrets
/
{path}
Put Secret
Copy
curl --request PUT \
--url https://api.tusky.io/v2/secrets/{path} \
--header 'Content-Type: application/json' \
--data '{
"data": {}
}'Copy
{
"path": "<string>",
"version": 123,
"managed": true,
"createdAt": "<string>"
}Create or update a secret at the specified path. Secrets are global to your account. The data is encrypted using Sui Seal — Tusky never has access to the plaintext values.
Path Parameters
The path to store the secret at. Use
/ separators for hierarchy (e.g., production/database/password).Request Body
Key-value pairs to store. Values are strings.
Response
The full path of the stored secret.
Version number. Increments on each update.
false for user-created secrets.ISO 8601 timestamp.
Example
Copy
curl -X PUT https://api.tusky.io/v2/secrets/production/database \
-H "Api-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"data": {
"host": "db.example.com",
"port": "5432",
"username": "app_user",
"password": "s3cur3_p4ssw0rd"
}
}'
Response
Copy
{
"path": "production/database",
"version": 1,
"managed": false,
"createdAt": "2026-03-06T14:00:00Z"
}
Secrets are encrypted client-side using Sui Seal. Access is controlled by on-chain policies.
You cannot write to paths under
tusky/ — these are reserved for managed secrets created automatically by Tusky (e.g., encryption keys for private environments).⌘I