Skip to main content
PATCH
/
secrets
/
{secretId}
Update a secret
curl --request PATCH \
  --url https://api.onecli.sh/v1/secrets/{secretId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "value": "<string>",
  "opRef": "<string>",
  "opDisplay": {
    "vault": "<string>",
    "item": "<string>",
    "field": "<string>"
  },
  "hostPattern": "<string>",
  "pathPattern": "<string>",
  "injectionConfig": {
    "headerName": "<string>",
    "valueFormat": "<string>"
  }
}
'
{
  "success": true
}

Authorizations

Authorization
string
header
required

API key obtained from the dashboard or GET /user/api-key

Path Parameters

secretId
string
required

Body

application/json
name
string
Required string length: 1 - 255
valueSource
enum<string>
Available options:
inline,
onepassword
value
string
Required string length: 1 - 10000
opRef
string

1Password secret reference (op://vault/item/field). Required when valueSource is onepassword.

opDisplay
object
hostPattern
string
pathPattern
string | null
injectionConfig
Header injection · object

How the gateway injects this secret into matching outbound requests (generic secrets only). Exactly one variant:

  • Header{ "headerName": "Authorization", "valueFormat": "Bearer {value}" }
  • Query parameter{ "paramName": "key", "paramFormat": "{value}" }
  • URL path template{ "pathTemplate": "/bot{value}" } (must start with / and contain {value} exactly once)
  • URL path regex{ "pathRegex": "^/bot([^/]+)", "pathReplacement": "/bot{value}" } (replacement must contain {value})

Unknown or mixed keys are rejected.

Response

Secret updated

success
boolean