docs(docs): document personal secrets and register CLI reference pages

docs/admin/security/secrets.md

@@ -42,6 +42,49 @@ Users can view their public key in their account settings:
 > SSH keys are never stored in Coder workspaces, and are fetched only when
 > SSH is invoked. The keys are held in-memory and never written to disk.
 
+## Personal Secrets
+
+Personal secrets let each user store their own secret values in Coder and make
+them available in workspaces without adding those values to template code.
+They are a good fit for per-user credentials such as API keys, cloud
+credentials, or other values that should follow a user across workspaces.
+
+Use the CLI to create and manage personal secrets:
+
+```sh
+# Create a secret and inject it into workspaces as an environment variable.
+coder secret create openai-key \
+  --value "$OPENAI_API_KEY" \
+  --description "Personal OpenAI API key" \
+  --inject-env OPENAI_API_KEY
+
+# Create a secret and inject it into a file in your workspace.
+coder secret create aws-credentials \
+  --value "$AWS_CREDENTIALS_FILE_CONTENTS" \
+  --description "Personal AWS credentials" \
+  --inject-file ~/.aws/credentials
+
+# List all of your secrets.
+coder secret list
+
+# Show a single secret by name.
+coder secret list openai-key
+
+# Delete a secret you no longer need.
+coder secret delete openai-key
+```
+
+Use `--inject-env` to inject a secret into your workspaces as an environment
+variable. Use `--inject-file` to inject it as a file in the workspace. File
+paths must start with `~/` or `/`.
+
+You can update a secret later with `coder secret update`, including rotating
+the value or clearing an injection target by passing an empty string. Use
+`coder secret delete` to remove a secret entirely. The secret value itself is
+never returned by the API or CLI list output. For full command details, see
+[`coder secret`](../../reference/cli/secret.md) and the
+[Secrets API reference](../../reference/api/secrets.md).
+
 ## Dynamic Secrets
 
 Dynamic secrets are attached to the workspace lifecycle and automatically

docs/manifest.json

@@ -2016,6 +2016,31 @@
 							"description": "Edit workspace stop schedule",
 							"path": "reference/cli/schedule_stop.md"
 						},
+						{
+							"title": "secret",
+							"description": "Manage personal secrets",
+							"path": "reference/cli/secret.md"
+						},
+						{
+							"title": "secret create",
+							"description": "Create a secret",
+							"path": "reference/cli/secret_create.md"
+						},
+						{
+							"title": "secret update",
+							"description": "Update a secret",
+							"path": "reference/cli/secret_update.md"
+						},
+						{
+							"title": "secret list",
+							"description": "List secrets, or show one by name",
+							"path": "reference/cli/secret_list.md"
+						},
+						{
+							"title": "secret delete",
+							"description": "Delete a secret",
+							"path": "reference/cli/secret_delete.md"
+						},
 						{
 							"title": "server",
 							"description": "Start a Coder server",