secrets
The cfy secrets
command is used to manage Conductor secrets (key-value pairs).
Optional flags
These commands support the common CLI flags.
Commands
create
Usage
cfy secrets create [OPTIONS] KEY
Create a new secret (key-value pair)
KEY
is the new secret’s key
Required flags
One of these flags:
-s, --secret-string TEXT
- The string to use as the secret’s value.-f, --secret-file TEXT
- The file with the contents of the secret.
Optional flags:
-u, --update-if-exists
- Update secret value if secret key already exists. [This option is deprecated; use cfy secrets update command instead]. You cannot use this argument with arguments: [visibility, hidden_value]-l, --visibility TEXT
- Defines who can see the resource, can be set to one of [‘private’, ‘tenant’, ‘global’] [default: tenant].--hidden-value
- The secret value is only shown to the user that created the secret, to the tenant managers, and to sys-admins. Use of the secret is allowed according to user roles and the visibility of the secret.-t, --tenant-name
- The name of the tenant of the secret. If not specified, the current tenant will be used.-p, --provider
- Secrets Provider’s name.-o, --provider-options
- Secrets Provider’s options in stringify JSON
Example
$ cfy secrets create test-secret -s test-value
...
Secret `test-secret` created
...
delete
Usage
cfy secrets delete [OPTIONS] KEY
Delete a secret.
KEY
is the secret’s key.
Optional flags:
-t, --tenant-name
- The name of the tenant of the secret. If not specified, the current tenant will be used.
Example
$ cfy secrets delete test-secret
...
Deleting secret `test-secret`...
Secret removed
...
get
Usage
cfy secrets get [OPTIONS] KEY
Get details for a single secret.
KEY
is the secret’s key
Optional flags:
-t, --tenant-name
- The name of the tenant of the secret. If not specified, the current tenant will be used.
Example
$ cfy secrets get test-secret
...
Getting info for secret `test-secret`...
Requested secret info:
key: test-secret
tenant_name: default_tenant
created_at: 2018-05-13 16:01:37.420
updated_at: 2018-05-13 16:01:37.420
created_by: admin
visibility: tenant
value: test-value
is_hidden_value: False
...
list
Usage
cfy secrets list [OPTIONS]
List all secrets.
Optional flags
--sort-by TEXT
- Key for sorting the list.--descending
- Sort list in descending order. [default: False]-t, --tenant-name TEXT
- The name of the tenant from which to list secrets. If unspecified, the current tenant is used. This argument cannot be used simultaneously with theall-tenants
argument.-a, --all-tenants
- Include resources from all tenants associated with the user. This argument cannot be used simultaneously with thetenant-name
argument.--search TEXT
- Search secrets by key. The returned list will include only secrets that contain the given search pattern.-o, --pagination-offset INTEGER
- The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0]-s, --pagination-size INTEGER
- The max number of results to retrieve per page [default: 1000]
Example
$ cfy secrets list
...
Listing all secrets...
Secrets:
+-------------+--------------------------+--------------------------+------------+----------------+------------+-----------------+
| key | created_at | updated_at | visibility | tenant_name | created_by | is_hidden_value |
+-------------+--------------------------+--------------------------+------------+----------------+------------+-----------------+
| test-secret | 2018-05-13 16:01:37.420 | 2018-05-13 16:01:37.420 | tenant | default_tenant | admin | False |
+-------------+--------------------------+--------------------------+------------+----------------+------------+-----------------+
Showing 1 of 1 secrets
...
export
Usage
cfy secrets export [OPTIONS]
Export secrets from the manager to a file.
Optional Flags
-p, --passphrase TEXT
- The passphrase used to encrypt the secrets' values, must be 8 characters long.--non-encrypted
- Use this flag for none encrypted scerets' values. You cannot use this argument with arguments: [passphrase]-l, --visibility TEXT
- Filters the secrets exported according to their visibility, can be set to one of the following [‘private’, ‘tenant’, ‘global’].-t, --tenant-name TEXT
- The name of the tenant from which to export secrets. If unspecified, the current tenant will be used. This argument cannot be used simultaneously with theall-tenants
argument.-a, --all-tenants
- Include resources from all tenants associated with the user. This argument cannot be used simultaneously with thetenant-name
argument.--filter-by TEXT
- Filters the secrets exported according to a keyword.-o, --output-path TEXT
- The local path to download the exported secrets to. If not specified, the secrets' file will be downloaded to<current directory>/secrets.json
import
Usage
cfy secrets import [OPTIONS]
Import secrets from a file to the manager.
Optional Flags
-p, --passphrase TEXT
- The passphrase used to encrypt or decrypt the secrets' values, must be 8 characters long.-i, --input-path TEXT
- Path to secrets file to import.--non-encrypted
- Use this flag for none encrypted secrets' values. You cannot use this argument with arguments:passphrase
--override-collisions
- If a certain key already exists in the destination manager, its value will be updated with the new imported value.-m, --tenant-map TEXT
- Path to a json file containing a from-to tenant names mapping.
Inputs examples
secrets input file:
[
{
"key": "key",
"value": "value",
"tenant_name": "tenant_name",
"visibility": "tenant",
"is_hidden_value": "False",
"encrypted": false
}
]
tenant mapping input file:
{
"source_tenant1": "destination_tenant1",
"source_tenant2": "destination_tenant2"
}
update
Usage
cfy secrets update [OPTIONS] KEY
Update an existing secret.
KEY
is the secret’s key.
Required flags
One of these flags:
-s, --secret-string TEXT
- The string to use as the secret’s value.-f, --secret-file TEXT
- The file with the contents of the secret.
Optional flags:
--hidden-value / --not-hidden-value
- The secret value is only shown to the user that created the secret, to the tenant managers, and to sys-admins. Use of the secret is allowed according to user roles and the visibility of the secret.-l, --visibility TEXT
- Defines who can see the resource, can be set to one of [‘private’, ‘tenant’, ‘global’].-t, --tenant-name TEXT
- The name of the tenant of the secret. If not specified, the current tenant will be used.-p, --provider
- Secrets Provider’s name.-o, --provider-options
- Secrets Provider’s options in stringify JSON
Example
$ cfy secrets update test-secret -s test-value2
...
Secret `test-secret` updated
...
set-visibility
Usage
cfy secrets set-visibility [OPTIONS] KEY
Set the secret’s visibility
KEY
- The secret’s key.
Mandatory flags
-l, --visibility TEXT
- Defines who can see the resource, can be set to one of [‘tenant’, ‘global’] [required].
Example
$ cfy secrets set-visibility test-secret -l global
...
Secret `test-secret` was set to global
...
set-owner
Usage
cfy secrets set-owner [OPTIONS] KEY
Change ownership of a secret.
KEY
- The key of the secret to update.
Optional flags
-s, --username USERNAME
- The name of the user who will be the new owner of the resource. [required]-t, --tenant-name TEXT
- The name of the tenant of the secret. If not specified, the current tenant will be used.
Example
$ cfy secrets set-owner test-secret -s admin
...
Secret `test-secret` is now owned by user `admin`.
...