# vpctl secret commands > Generate and deploy Kubernetes Secret manifests from a secrets.import.yaml input Use the `secret` command group to render Kubernetes `Secret` manifests from your import file and apply them to your cluster. ## Generate secrets Create Kubernetes secret YAML files from your secret definitions. For the import file format, refer to `secrets.import.example.yaml` which is shipped in the release package. ```sh vpctl secret generate --import secrets.import.yaml --use-defaults ``` **Parameters:** * `--import`: Path to the secrets import file. See `secrets.import.example.yaml` for the format. * `--use-defaults`: Use default values or auto-generate values without prompts (non-interactive mode). If a required field has no default or auto-generate option, the tool writes `TBD` and logs a warning so you can update it before deployment. * `--output`: Output file path (defaults to `secrets.yaml`). * `--name`: Generate only the specified secret by name. * `--extracted-release`: Path to the extracted release directory (defaults to `./extracted-release`). * `--clean-output`: Clear the output file before generating (default: false). * `--skip-version-check`: Skip the vpctl version compatibility check against the release package. * `--persist [path]`: Save generated values to an import-format file for reuse in subsequent runs. Pass without a value to use the default `secrets.import.yaml`, or specify a custom path. On later runs, the tool loads the persisted file and reuses existing values without regenerating them. Example: ```sh vpctl secret generate --import secrets.import.yaml --use-defaults --output ./generated-secrets.yaml ``` ## Deploy secrets to Kubernetes Apply the generated secrets to your Kubernetes cluster: ```sh vpctl secret deploy ``` **Common options:** * `--file`: Path to the secrets YAML file (defaults to `secrets.yaml`). * `--dry-run`: Preview the kubectl command without executing it. * `--context`: Kubernetes context to use. * `--namespace`: Kubernetes namespace (overrides the namespace in the secret YAML). Example: ```sh vpctl secret deploy --file ./generated-secrets.yaml --namespace production --dry-run ```