diff --git a/internal/juju/client.go b/internal/juju/client.go
index 8e48e3cb..3918affd 100644
--- a/internal/juju/client.go
+++ b/internal/juju/client.go
@@ -44,6 +44,7 @@ type Client struct {
 	Offers       offersClient
 	SSHKeys      sshKeysClient
 	Users        usersClient
+	Secrets      secretsClient
 }
 
 type jujuModel struct {
@@ -87,6 +88,7 @@ func NewClient(ctx context.Context, config ControllerConfiguration) (*Client, er
 		Offers:       *newOffersClient(sc),
 		SSHKeys:      *newSSHKeysClient(sc),
 		Users:        *newUsersClient(sc),
+		Secrets:      *newSecretsClient(sc),
 	}, nil
 }
 
diff --git a/internal/juju/secrets_test.go b/internal/juju/secrets_test.go
index c019ac5c..a67fb9c8 100644
--- a/internal/juju/secrets_test.go
+++ b/internal/juju/secrets_test.go
@@ -4,7 +4,11 @@
 package juju
 
 import (
+	"encoding/base64"
+	"errors"
 	"github.com/juju/juju/api"
+	apisecrets "github.com/juju/juju/api/client/secrets"
+	coresecrets "github.com/juju/juju/core/secrets"
 	"testing"
 
 	"github.com/stretchr/testify/suite"
@@ -76,7 +80,157 @@ func (s *SecretSuite) TestCreateSecret() {
 	})
 	s.Require().NoError(err)
 	s.Require().NotNil(output)
-	s.Require().Equal("secret-id", output.SecretId)
+
+	s.Assert().Equal("secret-id", output.SecretId)
+}
+
+func (s *SecretSuite) TestCreateSecretError() {
+	ctlr := s.setupMocks(s.T())
+	defer ctlr.Finish()
+
+	errBoom := errors.New("boom")
+
+	s.mockSecretClient.EXPECT().CreateSecret(
+		"test-secret", "test info", map[string]string{"key": "value"},
+	).Return("", errBoom).AnyTimes()
+
+	client := s.getSecretsClient()
+	output, err := client.CreateSecret(&CreateSecretInput{
+		ModelName: s.testModelName,
+		Name:      "test-secret",
+		Value:     map[string]string{"key": "value"},
+		Info:      "test info",
+	})
+	s.Require().Error(err)
+	s.Require().Nil(output)
+
+	s.Assert().Equal(errBoom, err)
+}
+
+func (s *SecretSuite) TestReadSecret() {
+	ctlr := s.setupMocks(s.T())
+	defer ctlr.Finish()
+
+	secretName := "test-secret"
+
+	value := base64.StdEncoding.EncodeToString([]byte("value"))
+	s.mockSecretClient.EXPECT().ListSecrets(
+		true, coresecrets.Filter{Label: &secretName},
+	).Return([]apisecrets.SecretDetails{
+		{
+			Metadata: coresecrets.SecretMetadata{
+				Version: 1,
+			},
+			Revisions: []coresecrets.SecretRevisionMetadata{
+				{
+					Revision: 1,
+				},
+			},
+			Value: coresecrets.NewSecretValue(map[string]string{"key": value}),
+			Error: "",
+		},
+	}, nil).AnyTimes()
+
+	client := s.getSecretsClient()
+	output, err := client.ReadSecret(&ReadSecretInput{
+		ModelName: s.testModelName,
+		Name:      secretName,
+	})
+	s.Require().NoError(err)
+	s.Require().NotNil(output)
+
+	s.Assert().Equal(map[string]string{"key": "value"}, output.Value)
+}
+
+func (s *SecretSuite) TestReadSecretError() {
+	ctlr := s.setupMocks(s.T())
+	defer ctlr.Finish()
+
+	secretName := "test-secret"
+
+	errBoom := errors.New("boom")
+	s.mockSecretClient.EXPECT().ListSecrets(
+		true, coresecrets.Filter{Label: &secretName},
+	).Return([]apisecrets.SecretDetails{
+		{
+			Error: errBoom.Error(),
+		},
+	}, nil).AnyTimes()
+
+	client := s.getSecretsClient()
+	output, err := client.ReadSecret(&ReadSecretInput{
+		ModelName: s.testModelName,
+		Name:      secretName,
+	})
+	s.Require().Error(err)
+	s.Require().Nil(output)
+
+	s.Assert().Equal(errBoom, err)
+}
+
+func (s *SecretSuite) TestUpdateSecret() {
+	ctlr := s.setupMocks(s.T())
+	defer ctlr.Finish()
+
+	secretName := "test-secret"
+
+	// update secret with value2
+	value2 := base64.StdEncoding.EncodeToString([]byte("value2"))
+	s.mockSecretClient.EXPECT().UpdateSecret(
+		nil, secretName, nil, secretName, "secret info", map[string]string{"key": value2},
+	).Return(nil).AnyTimes()
+
+	client := s.getSecretsClient()
+	err := client.UpdateSecret(&UpdateSecretInput{
+		ModelName: s.testModelName,
+		Name:      secretName,
+		Value:     map[string]string{"key": value2},
+		Info:      "secret info",
+	})
+	s.Require().NoError(err)
+
+	s.mockSecretClient.EXPECT().ListSecrets(
+		true, coresecrets.Filter{Label: &secretName},
+	).Return([]apisecrets.SecretDetails{
+		{
+			Metadata: coresecrets.SecretMetadata{
+				Version: 1,
+			},
+			Revisions: []coresecrets.SecretRevisionMetadata{
+				{
+					Revision: 1,
+				},
+			},
+			Value: coresecrets.NewSecretValue(map[string]string{"key": value2}),
+			Error: "",
+		},
+	}, nil).Times(1)
+
+	// read secret and check if value is updated
+	output, err := client.ReadSecret(&ReadSecretInput{
+		ModelName: s.testModelName,
+		Name:      secretName,
+	})
+	s.Require().NoError(err)
+	s.Require().NotNil(output)
+
+	s.Assert().Equal(map[string]string{"key": "value2"}, output.Value)
+}
+
+func (s *SecretSuite) TestDeleteSecret() {
+	ctlr := s.setupMocks(s.T())
+	defer ctlr.Finish()
+
+	secretName := "test-secret"
+
+	s.mockSecretClient.EXPECT().RemoveSecret(nil, secretName, nil).Return(nil).AnyTimes()
+
+	client := s.getSecretsClient()
+	err := client.DeleteSecret(&DeleteSecretInput{
+		ModelName: s.testModelName,
+		Name:      secretName,
+	})
+	s.Require().NoError(err)
 
 }