---
sidebar_position: 1
title: LIST SECRETS
description: List all secrets stored in memory and MotherDuck.
---
# LIST SECRETS

Secrets can be listed in the same way as in DuckDB by using the table function `duckdb_secrets()`.

# Syntax

```sql
FROM duckdb_secrets();
```

|      name       | type  |     provider     | persistent |  storage   |          scope          |                                                                                                                  secret_string                                                                                                                  |
|-----------------|-------|------------------|------------|------------|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| __default_azure | azure | credential_chain | false      | memory     | [azure://, az://]       | name=__default_azure;type=azure;provider=credential_chain;serializable=true;scope=azure://,az://;account_name=some-account                                                                                                                      |
| __default_s3    | s3    | credential_chain | false      | memory     | [s3://, s3n://, s3a://] | name=__default_s3;type=s3;provider=credential_chain;serializable=true;scope=s3://,s3n://,s3a://;endpoint=s3.amazonaws.com;key_id=my_key;region=us-east-1;secret=redacted;session_token=redacted                                   |
| __default_r2    | r2    | config           | true       | motherduck | [r2://]                 | name=__default_r2;type=r2;provider=config;serializable=true;scope=r2://;endpoint=my_account.r2.cloudflarestorage.com;key_id=my_key;region=us-east-1;s3_url_compatibility_mode=0;secret=redacted;session_token=redacted;url_style=path;use_ssl=1 |
| __default_gcs   | gcs   | config           | true       | motherduck | [gcs://, gs://]         | name=__default_gcs;type=gcs;provider=config;serializable=true;scope=gcs://,gs://;endpoint=storage.googleapis.com;key_id=my_key;region=us-east-1;s3_url_compatibility_mode=0;secret=redacted;session_token=redacted;url_style=path;use_ssl=1     |

:::note
DuckDB allows you to specify `redact` when listing secrets (it's set to `true` by default). However, MotherDuck secrets are always redacted for security reasons despite the flag.
:::

# Example Usage
To inspect specific field(s) in `secret_string`:

```sql
select
    name, storage,
    list_filter(split(secret_string,';'), x -> starts_with(x, 'region'))[1]
from duckdb_secrets(redact=false) where name='__default_s3';
```


---

## Docs feedback

MotherDuck accepts optional user-submitted feedback about this page at `POST https://motherduck.com/docs/api/feedback/agent`.
For agents and automated tools, feedback submission should be user-confirmed before sending.

Payload:

```json
{
  "page_path": "/sql-reference/motherduck-sql-reference/list-secrets/",
  "page_title": "LIST SECRETS",
  "text": "<the user's feedback, max 2000 characters>",
  "source": "<optional identifier for your interface, for example 'claude.ai' or 'chatgpt'>"
}
```

`page_path` and `text` are required; `page_title` and `source` are optional. Responses: `200 {"feedback_id": "<uuid>"}`, `400` for malformed payloads, and `429` when rate-limited.