Use secret versions

Now that you know how to read and write secrets, this is a good time to learn something about secret versions. Secret versions protect against accidentally overwriting a secret and are useful when doing a rolling update of your infrastructure.

Alright, let’s write once more to the secret you created before, but now type in a different value:

secrethub write your-username/start/hello-world

Notice that :2 (or higher if you wrote multiple times) is appended to the path that is printed out. This suffix indicates the version number that has just been written.

You can access any version of a secret by appending :<version> to the path. The latest version can be retrieved by appending :latest or by leaving the version out altogether.

secrethub read your-username/start/hello-world:latest

To access the first version of the secret, simply append :1:

secrethub read your-username/start/hello-world:1

️️➡️ Next, let’s see how to inject secrets into config files.