How To: Create new Secret Store

Learn how to create new secrets in your Radius Application

Radius secret stores securely manage secrets for your Environment and Application.

By default, Radius leverages the hosting platform’s secrets management solution to create and store the secret. For example, if you are deploying to Kubernetes, the secret store will be created as a Kubernetes Secret.


Step 1: Add a Secret Store

Open the app.bicep from the current working directory and add a new Secret Store resource

@description('The data for your TLS certificate')
param tlscrt string

@description('The key for your TLS certificate')
param tlskey string

resource appCert 'Applications.Core/secretStores@2023-10-01-preview' = {
  name: 'appcert'
    application: application
    type: 'certificate'
    data: {
      'tls.key': {
        value: tlskey
      'tls.crt': {
        value: tlscrt

In this example a new secret store resource is created for storing a TLS certificate in it.

Step 2: Deploy the application

Deploy the application with rad deploy:

rad deploy app.bicep -a secretdemo 

Step 3: Verify the secrets are deployed

Use the below command to verify if the secret got deployed:

kubectl get secret -n default-secretdemo

You will find appCert of type automatically created.

Further reading