@@ -4,7 +4,6 @@ import (

 	"bufio"

 	"io"

 	"net"

-	"os"

 	"github.com/docker/docker/api/types/container"

 	"github.com/docker/docker/api/types/filters"

@@ -364,15 +363,6 @@ type PluginInstallOptions struct {

 	Args                  []string

 }

-// SecretRequestOption is a type for requesting secrets

-type SecretRequestOption struct {

-	Source string

-	Target string

-	UID    string

-	GID    string

-	Mode   os.FileMode

-}

-

 // SwarmUnlockKeyResponse contains the response for Engine API:

 // GET /swarm/unlockkey

 type SwarmUnlockKeyResponse struct {

@@ -10,27 +10,19 @@ import (

 	"golang.org/x/net/context"

 )

-// ParseSecrets retrieves the secrets from the requested names and converts

-// them to secret references to use with the spec

-func ParseSecrets(client client.SecretAPIClient, requestedSecrets []*types.SecretRequestOption) ([]*swarmtypes.SecretReference, error) {

+// ParseSecrets retrieves the secrets with the requested names and fills

+// secret IDs into the secret references.

+func ParseSecrets(client client.SecretAPIClient, requestedSecrets []*swarmtypes.SecretReference) ([]*swarmtypes.SecretReference, error) {

 	secretRefs := make(map[string]*swarmtypes.SecretReference)

 	ctx := context.Background()

 	for _, secret := range requestedSecrets {

-		if _, exists := secretRefs[secret.Target]; exists {

-			return nil, fmt.Errorf("duplicate secret target for %s not allowed", secret.Source)

+		if _, exists := secretRefs[secret.File.Name]; exists {

+			return nil, fmt.Errorf("duplicate secret target for %s not allowed", secret.SecretName)

 		}

-		secretRef := &swarmtypes.SecretReference{

-			File: &swarmtypes.SecretReferenceFileTarget{

-				Name: secret.Target,

-				UID:  secret.UID,

-				GID:  secret.GID,

-				Mode: secret.Mode,

-			},

-			SecretName: secret.Source,

-		}

-

-		secretRefs[secret.Target] = secretRef

+		secretRef := new(swarmtypes.SecretReference)

+		*secretRef = *secret

+		secretRefs[secret.File.Name] = secretRef

 	}

 	args := filters.NewArgs()

@@ -7,7 +7,6 @@ import (

 	"strings"

 	"time"

-	"github.com/docker/docker/api/types"

 	"github.com/docker/docker/api/types/container"

 	"github.com/docker/docker/api/types/swarm"

 	servicecli "github.com/docker/docker/cli/command/service"

@@ -196,7 +195,7 @@ func convertServiceSecrets(

 	secrets []composetypes.ServiceSecretConfig,

 	secretSpecs map[string]composetypes.SecretConfig,

 ) ([]*swarm.SecretReference, error) {

-	opts := []*types.SecretRequestOption{}

+	refs := []*swarm.SecretReference{}

 	for _, secret := range secrets {

 		target := secret.Target

 		if target == "" {

@@ -222,16 +221,18 @@ func convertServiceSecrets(

 			mode = uint32Ptr(0444)

 		}

-		opts = append(opts, &types.SecretRequestOption{

-			Source: source,

-			Target: target,

-			UID:    uid,

-			GID:    gid,

-			Mode:   os.FileMode(*mode),

+		refs = append(refs, &swarm.SecretReference{

+			File: &swarm.SecretReferenceFileTarget{

+				Name: target,

+				UID:  uid,

+				GID:  gid,

+				Mode: os.FileMode(*mode),

+			},

+			SecretName: source,

 		})

 	}

-	return servicecli.ParseSecrets(client, opts)

+	return servicecli.ParseSecrets(client, refs)

 }

 func uint32Ptr(value uint32) *uint32 {

@@ -8,12 +8,12 @@ import (

 	"strconv"

 	"strings"

-	"github.com/docker/docker/api/types"

+	swarmtypes "github.com/docker/docker/api/types/swarm"

 )

 // SecretOpt is a Value type for parsing secrets

 type SecretOpt struct {

-	values []*types.SecretRequestOption

+	values []*swarmtypes.SecretReference

 }

 // Set a new secret value

@@ -24,18 +24,18 @@ func (o *SecretOpt) Set(value string) error {

 		return err

 	}

-	options := &types.SecretRequestOption{

-		Source: "",

-		Target: "",

-		UID:    "0",

-		GID:    "0",

-		Mode:   0444,

+	options := &swarmtypes.SecretReference{

+		File: &swarmtypes.SecretReferenceFileTarget{

+			UID:  "0",

+			GID:  "0",

+			Mode: 0444,

+		},

 	}

 	// support a simple syntax of --secret foo

 	if len(fields) == 1 {

-		options.Source = fields[0]

-		options.Target = fields[0]

+		options.File.Name = fields[0]

+		options.SecretName = fields[0]

 		o.values = append(o.values, options)

 		return nil

 	}

@@ -51,34 +51,30 @@ func (o *SecretOpt) Set(value string) error {

 		value := parts[1]

 		switch key {

 		case "source", "src":

-			options.Source = value

+			options.SecretName = value

 		case "target":

 			tDir, _ := filepath.Split(value)

 			if tDir != "" {

 				return fmt.Errorf("target must not be a path")

 			}

-			options.Target = value

+			options.File.Name = value

 		case "uid":

-			options.UID = value

+			options.File.UID = value

 		case "gid":

-			options.GID = value

+			options.File.GID = value

 		case "mode":

 			m, err := strconv.ParseUint(value, 0, 32)

 			if err != nil {

 				return fmt.Errorf("invalid mode specified: %v", err)

 			}

-			options.Mode = os.FileMode(m)

+			options.File.Mode = os.FileMode(m)

 		default:

-			if len(fields) == 1 && value == "" {

-

-			} else {

-				return fmt.Errorf("invalid field in secret request: %s", key)

-			}

+			return fmt.Errorf("invalid field in secret request: %s", key)

 		}

 	}

-	if options.Source == "" {

+	if options.SecretName == "" {

 		return fmt.Errorf("source is required")

 	}

@@ -95,13 +91,13 @@ func (o *SecretOpt) Type() string {

 func (o *SecretOpt) String() string {

 	secrets := []string{}

 	for _, secret := range o.values {

-		repr := fmt.Sprintf("%s -> %s", secret.Source, secret.Target)

+		repr := fmt.Sprintf("%s -> %s", secret.SecretName, secret.File.Name)

 		secrets = append(secrets, repr)

 	}

 	return strings.Join(secrets, ", ")

 }

 // Value returns the secret requests

-func (o *SecretOpt) Value() []*types.SecretRequestOption {

+func (o *SecretOpt) Value() []*swarmtypes.SecretReference {

 	return o.values

 }

@@ -16,10 +16,10 @@ func TestSecretOptionsSimple(t *testing.T) {

 	reqs := opt.Value()

 	assert.Equal(t, len(reqs), 1)

 	req := reqs[0]

-	assert.Equal(t, req.Source, "app-secret")

-	assert.Equal(t, req.Target, "app-secret")

-	assert.Equal(t, req.UID, "0")

-	assert.Equal(t, req.GID, "0")

+	assert.Equal(t, req.SecretName, "app-secret")

+	assert.Equal(t, req.File.Name, "app-secret")

+	assert.Equal(t, req.File.UID, "0")

+	assert.Equal(t, req.File.GID, "0")

 }

 func TestSecretOptionsSourceTarget(t *testing.T) {

@@ -31,8 +31,8 @@ func TestSecretOptionsSourceTarget(t *testing.T) {

 	reqs := opt.Value()

 	assert.Equal(t, len(reqs), 1)

 	req := reqs[0]

-	assert.Equal(t, req.Source, "foo")

-	assert.Equal(t, req.Target, "testing")

+	assert.Equal(t, req.SecretName, "foo")

+	assert.Equal(t, req.File.Name, "testing")

 }

 func TestSecretOptionsShorthand(t *testing.T) {

@@ -44,7 +44,7 @@ func TestSecretOptionsShorthand(t *testing.T) {

 	reqs := opt.Value()

 	assert.Equal(t, len(reqs), 1)

 	req := reqs[0]

-	assert.Equal(t, req.Source, "foo")

+	assert.Equal(t, req.SecretName, "foo")

 }

 func TestSecretOptionsCustomUidGid(t *testing.T) {

@@ -56,10 +56,10 @@ func TestSecretOptionsCustomUidGid(t *testing.T) {

 	reqs := opt.Value()

 	assert.Equal(t, len(reqs), 1)

 	req := reqs[0]

-	assert.Equal(t, req.Source, "foo")

-	assert.Equal(t, req.Target, "testing")

-	assert.Equal(t, req.UID, "1000")

-	assert.Equal(t, req.GID, "1001")

+	assert.Equal(t, req.SecretName, "foo")

+	assert.Equal(t, req.File.Name, "testing")

+	assert.Equal(t, req.File.UID, "1000")

+	assert.Equal(t, req.File.GID, "1001")

 }

 func TestSecretOptionsCustomMode(t *testing.T) {

@@ -71,9 +71,9 @@ func TestSecretOptionsCustomMode(t *testing.T) {

 	reqs := opt.Value()

 	assert.Equal(t, len(reqs), 1)

 	req := reqs[0]

-	assert.Equal(t, req.Source, "foo")

-	assert.Equal(t, req.Target, "testing")

-	assert.Equal(t, req.UID, "1000")

-	assert.Equal(t, req.GID, "1001")

-	assert.Equal(t, req.Mode, os.FileMode(0444))

+	assert.Equal(t, req.SecretName, "foo")

+	assert.Equal(t, req.File.Name, "testing")

+	assert.Equal(t, req.File.UID, "1000")

+	assert.Equal(t, req.File.GID, "1001")

+	assert.Equal(t, req.File.Mode, os.FileMode(0444))

 }