Secret
Section titled “Secret”class Secret(SecretDto)Represents an organization-scoped Daytona Secret.
The plaintext value is write-only and is never returned by the API. When a Secret is
referenced from a Sandbox, the injected environment variable holds the opaque placeholder
token, not the real value. The real value is substituted transparently on outbound requests
to the Secret’s allowed hosts.
Attributes:
idstr - Unique identifier for the Secret.namestr - Name of the Secret (unique within the organization).descriptionstr | None - Optional description of the Secret.placeholderstr - Opaque token injected as the env var value in Sandboxes.hostslist[str] - Hosts the Secret value may be sent to (may be empty).created_atdatetime - Date and time when the Secret was created.updated_atdatetime - Date and time when the Secret was last updated.
SecretService
Section titled “SecretService”class SecretService()Service for managing organization-scoped Daytona Secrets.
Can be used to create, list, get, update and delete Secrets. Secrets can be mounted into
Sandboxes as environment variables by referencing them via the secrets field on the
create-sandbox parameters. The Sandbox only ever sees the Secret’s opaque placeholder; the
real value is substituted at the network egress layer for the Secret’s allowed hosts.
SecretService.list
Section titled “SecretService.list”def list() -> list[Secret]List all Secrets in the organization.
Returns:
list[Secret]- List of all Secrets in the organization.
Example:
daytona = Daytona()secrets = daytona.secret.list()for secret in secrets: print(f"{secret.name} ({secret.id})")SecretService.get
Section titled “SecretService.get”@with_instrumentation()def get(secret_id: str) -> SecretGet a Secret by its ID.
Arguments:
secret_idstr - ID of the Secret to retrieve.
Returns:
Secret- The requested Secret.
Raises:
NotFoundException- If the Secret does not exist.
Example:
daytona = Daytona()secret = daytona.secret.get("secret-id")print(f"{secret.name} can be used on {', '.join(secret.hosts)}")SecretService.create
Section titled “SecretService.create”@with_instrumentation()def create(params: CreateSecretParams) -> SecretCreate a new Secret.
Arguments:
paramsCreateSecretParams - Parameters for the new Secret.
Returns:
Secret- The newly created Secret (without the plaintextvalue).
Raises:
ApiException- If a Secret with the same name already exists in the organization (409).
Example:
daytona = Daytona()secret = daytona.secret.create( CreateSecretParams( name="anthropic-prod", value="sk-ant-...", hosts=["api.anthropic.com"], ))print(f"Created secret {secret.name} with placeholder {secret.placeholder}")SecretService.update
Section titled “SecretService.update”@with_instrumentation()def update(secret_id: str, params: UpdateSecretParams) -> SecretUpdate an existing Secret. Omitted fields are left unchanged.
Arguments:
secret_idstr - ID of the Secret to update.paramsUpdateSecretParams - Fields to update.
Returns:
Secret- The updated Secret.
Raises:
NotFoundException- If the Secret does not exist.
Example:
daytona = Daytona()secret = daytona.secret.update( "secret-id", UpdateSecretParams( value="sk-ant-new-value", hosts=["api.anthropic.com", "*.anthropic.com"], ),)SecretService.delete
Section titled “SecretService.delete”@with_instrumentation()def delete(secret_id: str) -> NoneDelete a Secret.
Arguments:
secret_idstr - ID of the Secret to delete.
Raises:
NotFoundException- If the Secret does not exist.
Example:
daytona = Daytona()daytona.secret.delete("secret-id")print("Secret deleted")CreateSecretParams
Section titled “CreateSecretParams”class CreateSecretParams(BaseModel)Parameters for creating a new Secret.
Attributes:
namestr - Name of the Secret. Must match^[a-zA-Z_][a-zA-Z0-9_-]*$and be unique within the organization.valuestr - The plaintext Secret value. Stored encrypted and never returned by the API.descriptionstr | None - Optional description of the Secret.hostslist[str] | None - Hosts the Secret value may be sent to. Each entry is a hostname (api.example.com) or a*.wildcard (*.example.com); ports are not supported. Omit to leave the Secret unrestricted.
UpdateSecretParams
Section titled “UpdateSecretParams”class UpdateSecretParams(BaseModel)Parameters for updating an existing Secret. Omitted fields are left unchanged.
Attributes:
valuestr | None - Replaces the stored Secret value when present.descriptionstr | None - Optional description of the Secret.hostslist[str] | None - Hosts the Secret value may be sent to. Same constraints as :class:CreateSecretParams.hosts.