}}

About Secret Store service permissions

The Secret Store service permissions control the ability of users to create, read, update, and delete secrets using either the Secrets API or the dcos security secrets commands of the Enterprise DC/OS CLI. These permissions are available in all security modes.

Note: The Secret Store service permissions do not affect access to secrets from the DC/OS web interface. At present, only users with the dcos:superuser permission can view or modify secrets from the DC/OS web interface.

Resource: dcos:secrets:list:default:/[path]
Action: read

Allows a user to view the names of the secrets within the designated path. At a minimum, you must include dcos:secrets:list:default:/, which allows the user to view the names of all secrets. To restrict the view to just the secrets inside a path, use dcos:secrets:list:default:/path.

Resource: dcos:secrets:default:[path-name/]secret-name
Actions: create, read, update, delete, full

Controls a user’s ability to access an individual secret. You must specify the name of the secret and the path, if any exists. The degree of access that the user has over the secret depends upon the action value. The full action gives the user all of the available actions.
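
The following added example (not part of the DC/OS documentation or tooling) parses the two resource formats described above and reviews a set of grants for access broader than a single path or a single action. The (user, resource, action) input shape, the user names, and the choice of what to flag are assumptions made for illustration.

```python
import re

# Action values the page lists for each resource family.
LIST_ACTIONS = {"read"}
SECRET_ACTIONS = {"create", "read", "update", "delete", "full"}

LIST_RE = re.compile(r"^dcos:secrets:list:default:(/.*)$")
SECRET_RE = re.compile(r"^dcos:secrets:default:(?:(.+)/)?([^/]+)$")

def parse_grant(resource, action):
    """Split a Secret Store resource string into kind, path and secret name."""
    m = LIST_RE.match(resource)
    if m:
        kind, path, name, allowed = "list", m.group(1), None, LIST_ACTIONS
    else:
        m = SECRET_RE.match(resource)
        if not m:
            raise ValueError("not a Secret Store resource")
        kind, path, name, allowed = "secret", m.group(1) or "", m.group(2), SECRET_ACTIONS
    if action not in allowed:
        raise ValueError(f"action {action!r} is not valid for a {kind} resource")
    return {"kind": kind, "path": path, "name": name, "action": action}

def audit(grants):
    """Flag grants broader than a single path or a single action (assumed policy)."""
    findings = []
    for user, resource, action in grants:
        if resource == "dcos:superuser":
            findings.append((user, resource, "can view or modify secrets in the web interface"))
            continue
        try:
            g = parse_grant(resource, action)
        except ValueError as err:
            findings.append((user, resource, f"rejected: {err}"))
            continue
        if g["kind"] == "list" and g["path"] == "/":
            findings.append((user, resource, "can view the names of all secrets"))
        elif g["kind"] == "secret" and g["action"] == "full":
            findings.append((user, resource, "holds every action on this secret"))
    return findings

# Constructed sample grants as (user, resource, action); not taken from a real cluster.
SAMPLE = [
    ("alice", "dcos:secrets:list:default:/dev", "read"),
    ("alice", "dcos:secrets:default:dev/db-password", "read"),
    ("bob", "dcos:secrets:list:default:/", "read"),
    ("bob", "dcos:secrets:default:dev/db-password", "full"),
    ("carol", "dcos:secrets:default:dev/api-key", "write"),
    ("dave", "dcos:superuser", "full"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

In the sample, alice's two grants pass without a finding because they are scoped to the dev path and to the read action only.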