# CREATE SECRET

## Syntax

```sql
CREATE SECRET [IF NOT EXISTS] secret_name WITH (secret_parameter = value [, ...]);
```

## Description <a href="#description" id="description"></a>

Creates a new secret within the organization.

### Arguments

#### secret\_name

Name of the secret to define. If the name is case sensitive you must wrap it in double quotes; otherwise the system uses the lower case name.

#### WITH (secret\_parameter = value \[, …​ ])

This clause specifies secret parameters; see [secret parameters](#_secret__parameters) for more information.

### Secret Parameters <a href="#secret_parameters" id="secret_parameters"></a>

| Parameter Name                              | Description                                                                                                                                                                                                 |
| ------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `type`                                      | <p>Required. Specifies the secret type.</p><p><br><strong>Type:</strong> <code>SECRET\_TYPE</code></p><p><strong>Valid values:</strong> <code>GENERIC\_SECRET</code></p>                                    |
| `access_region`                             | <p>Required, unless specified in <code>properties.file</code>. Specifies the region in which the secret is available.<br><strong>Valid values:</strong> See <a href="broken-reference">LIST REGIONS</a></p> |
| `description`                               | <p>Optional. A description for the secret.<br><strong>Type:</strong> String</p>                                                                                                                             |
| ### **GENERIC\_SECRET Specific Parameters** |                                                                                                                                                                                                             |

Parameters to be used if `type` is `GENERIC_SECRET`:

| Parameter Name  | Description                                                                                                                                                                                                                                                                                                   |
| --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `secret_string` | <p>The string to store in the secret. The string can function as either an API token or a sensitive value string, to be utilized within the handler code of a user-defined function (UDF).<br><br><strong>Required:</strong> Yes<br><strong>Default value:</strong> None<br><strong>Type:</strong> String</p> |

## Examples

#### Create a GENERIC\_SECRET

The following creates a new secret name `my_secret`:

```sh
db.public/sfstore# CREATE SECRET IF NOT EXISTS
    my_secret  
WITH ( 
    'type' = GENERIC_STRING, 
    'access_region' = "AWS us-east-1", 
    'secret_string' = 'SGVsbG8gRGVsdGFzU3RyZWFtIQo=', 
    'description' = 'This is a generic_string secret'
);
+------------+------------+------------+------------------------------------------+
|  Type      |  Name      |  Command   |  Summary                                 |
+============+============+============+==========================================+
| secret     | my_secret  | CREATE     | secret "my_secret" was successfully      |
|            |            |            | created                                  |
+------------+------------+------------+------------------------------------------+
```