---
sidebar_position: 1
title: LIST SECRETS
description: List all secrets stored in memory and MotherDuck.
---
# LIST SECRETS

Secrets can be listed in the same way as in DuckDB by using the table function `duckdb_secrets()`.

# Syntax

```sql
FROM duckdb_secrets();
```

|      name       | type  |     provider     | persistent |  storage   |          scope          |                                                                                                                  secret_string                                                                                                                  |
|-----------------|-------|------------------|------------|------------|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| __default_azure | azure | credential_chain | false      | memory     | [azure://, az://]       | name=__default_azure;type=azure;provider=credential_chain;serializable=true;scope=azure://,az://;account_name=some-account                                                                                                                      |
| __default_s3    | s3    | credential_chain | false      | memory     | [s3://, s3n://, s3a://] | name=__default_s3;type=s3;provider=credential_chain;serializable=true;scope=s3://,s3n://,s3a://;endpoint=s3.amazonaws.com;key_id=my_key;region=us-east-1;secret=redacted;session_token=redacted                                   |
| __default_r2    | r2    | config           | true       | motherduck | [r2://]                 | name=__default_r2;type=r2;provider=config;serializable=true;scope=r2://;endpoint=my_account.r2.cloudflarestorage.com;key_id=my_key;region=us-east-1;s3_url_compatibility_mode=0;secret=redacted;session_token=redacted;url_style=path;use_ssl=1 |
| __default_gcs   | gcs   | config           | true       | motherduck | [gcs://, gs://]         | name=__default_gcs;type=gcs;provider=config;serializable=true;scope=gcs://,gs://;endpoint=storage.googleapis.com;key_id=my_key;region=us-east-1;s3_url_compatibility_mode=0;secret=redacted;session_token=redacted;url_style=path;use_ssl=1     |

:::note
DuckDB allows you to specify `redact` when listing secrets (it's set to `true` by default). However, MotherDuck secrets are always redacted for security reasons despite the flag.
:::

# Example Usage
To inspect specific field(s) in `secret_string`:

```sql
select
    name, storage,
    list_filter(split(secret_string,';'), x -> starts_with(x, 'region'))[1]
from duckdb_secrets(redact=false) where name='__default_s3';
```