> ## Documentation Index
> Fetch the complete documentation index at: https://docs.maia.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a new Secret Value

> Creates a new secret value, which is encrypted in transit using the certificate of the provided Agent, then decrypted by the Agent and stored in plain-text within the Customer vault.



## OpenAPI

````yaml /openapi/public-api-endpoint-reference.yaml post /v1/secrets/{agentId}/secret-value
openapi: 3.1.0
info:
  title: Maia Public REST API
  version: '1.0'
servers:
  - description: EU1
    url: https://eu1.api.matillion.com/dpc
  - description: US1
    url: https://us1.api.matillion.com/dpc
security:
  - bearerAuth: []
tags:
  - description: Manage Schedules
    name: Schedules
  - description: Manage Connections
    name: Connections
  - description: Operations for managing Project Variables
    name: Project Variables
  - description: Manage Pipelines
    name: Pipelines
  - description: Review pipelines against quality rules
    name: Pipeline Quality Review
  - description: Execute tests within a project
    name: Test Execution
  - description: Manage your AI agent tasks
    name: AI Agent Tasks
  - description: SCIM endpoints for user/group permission management
    name: Directory Integration
  - description: Publish shared pipeline artifacts
    name: Shared Pipeline Artifacts
  - description: Manage Repositories
    name: Repositories
  - description: Report on Credit Consumption
    name: Consumption
  - description: Manage Artifacts
    name: Artifacts
  - description: Operations for data lineage and governance
    name: Data Lineage
  - description: Manage Streaming Pipelines
    name: Streaming Pipelines
  - description: Execute a pipeline
    name: Pipeline Execution
  - description: ''
    name: Environments
  - description: ''
    name: Projects
  - description: Manage Agents
    name: Agents
  - description: Operations for managing Environment-level Overrides of Project Variables
    name: Project Variable Environment Overrides
  - description: Query audit events
    name: Audit Events
  - description: Connector Profiles
    name: Connectors
paths:
  /v1/secrets/{agentId}/secret-value:
    post:
      tags:
        - Secrets
      summary: Create a new Secret Value
      description: >-
        Creates a new secret value, which is encrypted in transit using the
        certificate of the provided Agent, then decrypted by the Agent and
        stored in plain-text within the Customer vault.
      operationId: encryptAndStoreSecret
      parameters:
        - in: path
          name: agentId
          required: true
          schema:
            type: string
        - in: query
          name: projectId
          required: false
          schema:
            type: string
            format: uuid
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UnencryptedSecretRequest'
        required: true
      responses:
        '201':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResolverSecretReferenceResponse'
          description: Created
        '400':
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetail'
          description: Wrong request parameters used
        '403':
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetail'
          description: Unauthorized
        '409':
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetail'
          description: A secret with that target name already exists in the vault location
        '500':
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetail'
          description: Unexpected error occurred
        '504':
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetail'
          description: Gateway timeout
components:
  schemas:
    UnencryptedSecretRequest:
      type: object
      properties:
        secret:
          $ref: '#/components/schemas/SecretValueRequest'
          description: Details of the secret to store in the customer vault.
      required:
        - secret
    ResolverSecretReferenceResponse:
      type: object
      properties:
        resolver_ref:
          type: string
        vaultSecretName:
          type: string
    ProblemDetail:
      type: object
      properties:
        detail:
          type: string
        instance:
          type: string
        status:
          type: integer
          format: int32
        title:
          type: string
        type:
          type: string
          format: uri
        violations:
          type: array
          items:
            type: string
    SecretValueRequest:
      type: object
      properties:
        key:
          type: string
          description: |2
               The optional top-level property to use inside the (json-valued) secret.
             This is used to build a reference to the secret being stored so it can be used in pipelines.
            If you are storing a single scalar
             secret, this can be the top-level property of the value being stored.
             Note that nested properties such as "parent.child" cannot be referenced here.

             If you are storing a complex JSON
             object and want to resolve the whole object, this should not be provided to allow the
             resolver to return the whole object from the secret.
          examples:
            - password
        name:
          type: string
          description: >
            The name of the secret to store. This is an identifier for the
            secret and should be

            unique in the project.
          example: my-secret
          minLength: 1
        type:
          type: string
          description: >-
            The type of the secret to store, such as PASSWORD or
            OAUTH_CLIENT_CREDENTIALS.
          example: PASSWORD
        value:
          $ref: '#/components/schemas/JsonNode'
          description: >-
            The secret value to write into the customer vault. This should be in
            JSON object format.
          examples:
            - clientId: my-client-id
              clientSecret: '12345'
            - password: P@ssw0rd123
      required:
        - name
    JsonNode: {}
  securitySchemes:
    bearerAuth:
      bearerFormat: JWT
      description: a valid bearer token
      scheme: bearer
      type: http

````