secrets

Get the latest docs.

You are looking at documentation for an older release. Not what you want? Use the version selector on the top banner or click here.

The cfy secrets command is used to manage Cloudify secrets (key-value pairs).

Optional flags

These commands support the common CLI flags.

Commands

create

Usage

cfy secrets create [OPTIONS] KEY

Create a new secret (key-value pair)

KEY is the new secret’s key

Required flags

One of these flags:

-s, --secret-string TEXT - The string to use as the secret’s value.
-f, --secret-file TEXT - The file with the contents of the secret.

Optional flags:

-u, --update-if-exists - Update secret value if secret key already exists. [This option is deprecated; use cfy secrets update command instead]. You cannot use this argument with arguments: [visibility, hidden_value]
-l, --visibility TEXT - Defines who can see the resource, can be set to one of [‘private’, ‘tenant’, ‘global’] [default: tenant].
--hidden-value - The secret value is only shown to the user that created the secret, to the tenant managers, and to sys-admins. Use of the secret is allowed according to user roles and the visibility of the secret.
-t, --tenant-name - The name of the tenant of the secret. If not specified, the current tenant will be used.

Example

$ cfy secrets create test-secret -s test-value
...

Secret `test-secret` created

...

delete

Usage

cfy secrets delete [OPTIONS] KEY

Delete a secret.

KEY is the secret’s key.

Optional flags:

-t, --tenant-name - The name of the tenant of the secret. If not specified, the current tenant will be used.

Example

$ cfy secrets delete test-secret
...

Deleting secret `test-secret`...
Secret removed

...

get

Usage

cfy secrets get [OPTIONS] KEY

Get details for a single secret.

KEY is the secret’s key

Optional flags:

-t, --tenant-name - The name of the tenant of the secret. If not specified, the current tenant will be used.

Example

$ cfy secrets get test-secret
...

Getting info for secret `test-secret`...
Requested secret info:
key:             test-secret
tenant_name:     default_tenant
created_at:      2018-05-13 16:01:37.420
updated_at:      2018-05-13 16:01:37.420
created_by:      admin
visibility:      tenant
value:           test-value
is_hidden_value: False

...

list

Usage

cfy secrets list [OPTIONS]

List all secrets.

Optional flags

--sort-by TEXT - Key for sorting the list.
--descending - Sort list in descending order. [default: False]
-t, --tenant-name TEXT - The name of the tenant from which to list secrets. If unspecified, the current tenant is used. This argument cannot be used simultaneously with the all-tenants argument.
-a, --all-tenants - Include resources from all tenants associated with the user. This argument cannot be used simultaneously with the tenant-name argument.
--search TEXT - Search secrets by key. The returned list will include only secrets that contain the given search pattern.
-o, --pagination-offset INTEGER - The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0]
-s, --pagination-size INTEGER - The max number of results to retrieve per page [default: 1000]

Example

$ cfy secrets list
...

Listing all secrets...

Secrets:
+-------------+--------------------------+--------------------------+------------+----------------+------------+-----------------+
|     key     |        created_at        |        updated_at        | visibility |  tenant_name   | created_by | is_hidden_value |
+-------------+--------------------------+--------------------------+------------+----------------+------------+-----------------+
| test-secret | 2018-05-13 16:01:37.420  | 2018-05-13 16:01:37.420  |   tenant   | default_tenant |   admin    |      False      |
+-------------+--------------------------+--------------------------+------------+----------------+------------+-----------------+

Showing 1 of 1 secrets
...

export

Usage

cfy secrets export [OPTIONS]

Export secrets from the manager to a file.

Optional Flags

-p, --passphrase TEXT - The passphrase used to encrypt the secrets’ values, must be 8 characters long.
--non-encrypted - Use this flag for none encrypted scerets’ values. You cannot use this argument with arguments: [passphrase]
-l, --visibility TEXT - Filters the secrets exported according to their visibility, can be set to one of the following [‘private’, ‘tenant’, ‘global’].
-t, --tenant-name TEXT - The name of the tenant from which to export secrets. If unspecified, the current tenant will be used. This argument cannot be used simultaneously with the all-tenants argument.
-a, --all-tenants - Include resources from all tenants associated with the user. This argument cannot be used simultaneously with the tenant-name argument.
--filter-by TEXT - Filters the secrets exported according to a keyword.
-o, --output-path TEXT - The local path to download the exported secrets to. If not specified, the secrets’ file will be downloaded to <current directory>/secrets.json

import

Usage

cfy secrets import [OPTIONS]

Import secrets from a file to the manager.

Optional Flags

-p, --passphrase TEXT - The passphrase used to encrypt or decrypt the secrets’ values, must be 8 characters long.
-i, --input-path TEXT - Path to secrets file to import.
--non-encrypted - Use this flag for none encrypted secrets’ values. You cannot use this argument with arguments: passphrase
--override-collisions - If a certain key already exists in the destination manager, its value will be updated with the new imported value.
-m, --tenant-map TEXT - Path to a json file containing a from-to tenant names mapping.

Inputs examples

secrets input file:

[
	{
		"key": "key",
		"value": "value",
		"tenant_name": "tenant_name",
		"visibility": "tenant",
		"is_hidden_value": "False",
		"encrypted": false
	}
]

tenant mapping input file:

{
	"source_tenant1": "destination_tenant1",
	"source_tenant2": "destination_tenant2"
}

update

Usage

cfy secrets update [OPTIONS] KEY

Update an existing secret.

KEY is the secret’s key.

Required flags

One of these flags:

-s, --secret-string TEXT - The string to use as the secret’s value.
-f, --secret-file TEXT - The file with the contents of the secret.

Optional flags:

--hidden-value / --not-hidden-value - The secret value is only shown to the user that created the secret, to the tenant managers, and to sys-admins. Use of the secret is allowed according to user roles and the visibility of the secret.
-l, --visibility TEXT - Defines who can see the resource, can be set to one of [‘private’, ‘tenant’, ‘global’].
-t, --tenant-name TEXT - The name of the tenant of the secret. If not specified, the current tenant will be used.

Example

$ cfy secrets update test-secret -s test-value2
...

Secret `test-secret` updated

...

set-visibility

Usage

cfy secrets set-visibility [OPTIONS] KEY

Set the secret’s visibility

KEY - The secret’s key.

Mandatory flags

-l, --visibility TEXT - Defines who can see the resource, can be set to one of [‘tenant’, ‘global’] [required].

Example

$ cfy secrets set-visibility test-secret -l global
...

Secret `test-secret` was set to global

...