docs: update cli reference for secret usage

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

docs: minor update to service create usage

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

docs/reference/commandline/secret_create.md

@@ -0,0 +1,46 @@
+---
+title: "secret create"
+description: "The secret create command description and usage"
+keywords: ["secret, create"]
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# secret create
+
+```Markdown
+Usage:  docker secret create [NAME]
+
+Create a secret using stdin as content
+```
+
+Creates a secret using standard input for the secret content. You must run this
+command on a manager node.
+
+## Examples
+
+### Create a secret
+
+```bash
+$ cat ssh-dev | docker secret create ssh-dev
+mhv17xfe3gh6xc4rij5orpfds
+
+$ docker secret ls
+ID                          NAME                CREATED                                   UPDATED                                   SIZE
+mhv17xfe3gh6xc4rij5orpfds   ssh-dev             2016-10-27 23:25:43.909181089 +0000 UTC   2016-10-27 23:25:43.909181089 +0000 UTC   1679
+```
+
+## Related information
+
+* [secret inspect](secret_inspect.md)
+* [secret ls](secret_ls.md)
+* [secret rm](secret_rm.md)
+
+<style>table tr > td:first-child { white-space: nowrap;}</style>

docs/reference/commandline/secret_inspect.md

@@ -0,0 +1,88 @@
+---
+title: "secret inspect"
+description: "The secret inspect command description and usage"
+keywords: ["secret, inspect"]
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# secret inspect
+
+```Markdown
+Usage:  docker secret inspect [OPTIONS] SECRET [SECRET...]
+
+Display detailed information on one or more secrets
+
+Options:
+  -f, --format string   Format the output using the given Go template
+      --help            Print usage
+```
+
+
+Inspects the specified secret. This command has to be run targeting a manager
+node.
+
+By default, this renders all results in a JSON array. If a format is specified,
+the given template will be executed for each result.
+
+Go's [text/template](http://golang.org/pkg/text/template/) package
+describes all the details of the format.
+
+## Examples
+
+### Inspecting a secret  by name or ID
+
+You can inspect a secret, either by its *name*, or *ID*
+
+For example, given the following secret:
+
+```bash
+$ docker secret ls
+ID                          NAME                CREATED                                   UPDATED                                   SIZE
+mhv17xfe3gh6xc4rij5orpfds   ssh-dev             2016-10-27 23:25:43.909181089 +0000 UTC   2016-10-27 23:25:43.909181089 +0000 UTC   1679
+```
+
+```bash
+$ docker secret inspect mhv17xfe3gh6xc4rij5orpfds
+[
+    {
+        "ID": "mhv17xfe3gh6xc4rij5orpfds",
+            "Version": {
+            "Index": 1198
+        },
+        "CreatedAt": "2016-10-27T23:25:43.909181089Z",
+        "UpdatedAt": "2016-10-27T23:25:43.909181089Z",
+        "Spec": {
+            "Name": "ssh-dev",
+            "Data": null
+        },
+        "Digest": "sha256:8281c6d924520986e3c6af23ed8926710a611c90339db582c2a9ac480ba622b7",
+        "SecretSize": 1679
+    }
+]
+```
+
+### Formatting secret output
+
+The `--format` option can be used to obtain specific information about a
+secret. For example, the following command outputs the digest of the
+secret.
+
+```bash{% raw %}
+$ docker secret inspect --format='{{.Digest}}' mhv17xfe3gh6xc4rij5orpfds
+sha256:8281c6d924520986e3c6af23ed8926710a611c90339db582c2a9ac480ba622b7
+{% endraw %}```
+
+
+## Related information
+
+* [secret create](secret_create.md)
+* [secret ls](secret_ls.md)
+* [secret rm](secret_rm.md)

docs/reference/commandline/secret_ls.md

@@ -0,0 +1,44 @@
+---
+title: "secret ls"
+description: "The secret ls command description and usage"
+keywords: ["secret, ls"]
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# secret ls
+
+```Markdown
+Usage:	docker secret ls [OPTIONS]
+
+List secrets
+
+Aliases:
+  ls, list
+
+Options:
+  -q, --quiet          Only display IDs
+```
+
+This command when run targeting a manager, lists secrets in the
+swarm.
+
+On a manager node:
+
+```bash
+$ docker secret ls
+ID                          NAME                CREATED                                   UPDATED                                   SIZE
+mhv17xfe3gh6xc4rij5orpfds   ssh-dev             2016-10-27 23:25:43.909181089 +0000 UTC   2016-10-27 23:25:43.909181089 +0000 UTC   1679
+```
+## Related information
+
+* [secret create](secret_create.md)
+* [secret inspect](secret_inspect.md)
+* [secret rm](secret_rm.md)

docs/reference/commandline/secret_rm.md

@@ -0,0 +1,48 @@
+---
+title: "secret rm"
+description: "The secret rm command description and usage"
+keywords: ["secret, rm"]
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# secret rm
+
+```Markdown
+Usage:	docker secret rm SECRET [SECRET...]
+
+Remove one or more secrets
+
+Aliases:
+  rm, remove
+
+Options:
+      --help   Print usage
+```
+
+Removes the specified secrets from the swarm. This command has to be run
+targeting a manager node.
+
+For example, to remove secret:
+
+```bash
+$ docker secret rm sapth4csdo5b6wz2p5uimh5xg
+sapth4csdo5b6wz2p5uimh5xg
+```
+
+> **Warning**: Unlike `docker rm`, this command does not ask for confirmation
+> before removing a secret.
+
+
+## Related information
+
+* [secret create](secret_create.md)
+* [secret inspect](secret_inspect.md)
+* [secret ls](secret_ls.md)

docs/reference/commandline/service_create.md

@@ -54,6 +54,7 @@ Options:
       --restart-delay duration           Delay between restart attempts (default none)
       --restart-max-attempts uint        Maximum number of restarts before giving up (default none)
       --restart-window duration          Window used to evaluate the restart policy (default none)
+      --secret value                     Specify secrets to expose to the service (default [])
       --stop-grace-period duration       Time to wait before force killing a container (default none)
   -t, --tty                              Allocate a pseudo-TTY
       --update-delay duration            Delay between updates (ns|us|ms|s|m|h) (default 0s)
@@ -119,6 +120,21 @@ ID            NAME   MODE        REPLICAS  IMAGE
 4cdgfyky7ozw  redis  replicated  5/5       redis:3.0.7
 ```
 
+### Create a service with secrets
+Use the `--secret` flag to use a [secret](secret_create.md).  The following
+command will create a service with two secrets named `ssh-key` and `app-key`:
+
+```bash
+$ docker service create --name redis --secret ssh-key:ssh --secret app-key:app redis:3.0.6
+4cdgfyky7ozwh3htjfw0d12qv
+```
+
+Secrets are located in `/run/secrets` in the container.  If no target is
+specified, the name of the secret will be used as the in memory file in the
+container.  If a target is specified, that will be the filename.  In the
+example above, two files will be created: `/run/secrets/ssh` and
+`/run/secrets/app` for each of the secret targets specified.
+
 ### Create a service with a rolling update policy
 
 ```bash

docs/reference/commandline/service_update.md

@@ -63,6 +63,8 @@ Options:
       --restart-max-attempts uint        Maximum number of restarts before giving up (default none)
       --restart-window duration          Window used to evaluate the restart policy (default none)
       --rollback                         Rollback to previous specification
+      --secret-add list                  Add a secret (default [])
+      --secret-rm list                   Remove a secret (default [])
       --stop-grace-period duration       Time to wait before force killing a container (default none)
   -t, --tty                              Allocate a pseudo-TTY
       --update-delay duration            Delay between updates (ns|us|ms|s|m|h) (default 0s)
@@ -146,6 +148,20 @@ $ docker service update --mount-rm /somewhere myservice
 myservice
 ```
 
+### Adding and removing secrets
+
+Use the `--secret-add` or `--secret-rm` options add or remove a service's
+secrets.
+
+The following example adds a secret named `ssh-2` and removes `ssh-1`:
+
+```bash
+$ docker service update \
+    --secret-add ssh-2 \
+    --secret-rm ssh-1 \
+    myservice
+```
+
 ## Related information
 
 * [service create](service_create.md)