Chapter 55. secret
This chapter describes the commands under the secret command.
55.1. secret container create
Store a container in Barbican.
Usage:
openstack secret container create [-h]
[-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty]
[--noindent] [--prefix PREFIX]
[--name NAME] [--type TYPE]
[--secret SECRET]
| Value | Summary |
|---|---|
| --print-empty | Print empty table if there is no data to show. |
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| Value | Summary |
|---|---|
| output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --secret SECRET, -s SECRET | One secret to store in a container (can be set multiple times). Example: --secret "private_key=https://url.test/v1/secrets/1-2-3-4" |
| --name NAME, -n NAME | A human-friendly name. |
| --type TYPE | Type of container to create (default: generic). |
| Value | Summary |
|---|---|
| a format a UNIX shell can parse (variable="value")--prefix PREFIX | Add a prefix to all variable names |
55.2. secret container delete
Delete a container by providing its href.
Usage:
openstack secret container delete [-h] URI
| Value | Summary |
|---|---|
| URI | The uri reference for the container |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
55.3. secret container get
Retrieve a container by providing its URI.
Usage:
openstack secret container get [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty]
[--noindent] [--prefix PREFIX]
URI
| Value | Summary |
|---|---|
| --print-empty | Print empty table if there is no data to show. |
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| Value | Summary |
|---|---|
| URI | The uri reference for the container. |
| Value | Summary |
|---|---|
| output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| Value | Summary |
|---|---|
| a format a UNIX shell can parse (variable="value")--prefix PREFIX | Add a prefix to all variable names |
55.4. secret container list
List containers.
Usage:
openstack secret container list [-h] [-f {csv,json,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty]
[--noindent]
[--quote {all,minimal,none,nonnumeric}]
[--sort-column SORT_COLUMN]
[--limit LIMIT] [--offset OFFSET]
[--name NAME] [--type TYPE]
| Value | Summary |
|---|---|
| --print-empty | Print empty table if there is no data to show. |
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| Value | Summary |
|---|---|
| --quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric |
| Value | Summary |
|---|---|
| output formatter options-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
| --sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --type TYPE, -t TYPE | Specify the type filter for the list (default: none). |
| -h, --help | Show this help message and exit |
| --limit LIMIT, -l LIMIT | Specify the limit to the number of items to list per page (default: 10; maximum: 100) |
| --name NAME, -n NAME | Specify the container name (default: none) |
| --offset OFFSET, -o OFFSET | Specify the page offset (default: 0) |
55.5. secret delete
Delete a secret by providing its URI.
Usage:
openstack secret delete [-h] URI
| Value | Summary |
|---|---|
| URI | The uri reference for the secret |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
55.6. secret get
Retrieve a secret by providing its URI.
Usage:
openstack secret get [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>] [--fit-width]
[--print-empty] [--noindent] [--prefix PREFIX]
[--decrypt] [--payload]
[--payload_content_type PAYLOAD_CONTENT_TYPE]
URI
| Value | Summary |
|---|---|
| --print-empty | Print empty table if there is no data to show. |
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| Value | Summary |
|---|---|
| URI | The uri reference for the secret. |
| Value | Summary |
|---|---|
| output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --payload, -p | If specified, retrieve the unencrypted secret data; the data type can be specified with --payload_content_type. If the user wishes to only retrieve the value of the payload they must add "-f value" to format returning only the value of the payload |
| --payload_content_type PAYLOAD_CONTENT_TYPE, -t PAYLOAD_CONTENT_TYPE | The content type of the decrypted secret (default: text/plain). |
| --decrypt, -d | If specified, retrieve the unencrypted secret data; the data type can be specified with --payload_content_type. |
| Value | Summary |
|---|---|
| a format a UNIX shell can parse (variable="value")--prefix PREFIX | Add a prefix to all variable names |
55.7. secret list
List secrets.
Usage:
openstack secret list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN]
[--max-width <integer>] [--fit-width]
[--print-empty] [--noindent]
[--quote {all,minimal,none,nonnumeric}]
[--sort-column SORT_COLUMN] [--limit LIMIT]
[--offset OFFSET] [--name NAME]
[--algorithm ALGORITHM] [--bit-length BIT_LENGTH]
[--mode MODE] [--secret-type SECRET_TYPE]
| Value | Summary |
|---|---|
| --print-empty | Print empty table if there is no data to show. |
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| Value | Summary |
|---|---|
| --quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric |
| Value | Summary |
|---|---|
| output formatter options-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
| --sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --secret-type SECRET_TYPE, -s SECRET_TYPE | Specify the secret type (default: none). |
| --name NAME, -n NAME | Specify the secret name (default: none) |
| --limit LIMIT, -l LIMIT | Specify the limit to the number of items to list per page (default: 10; maximum: 100) |
| --bit-length BIT_LENGTH, -b BIT_LENGTH | The bit length filter for the list (default: 0). |
| --algorithm ALGORITHM, -a ALGORITHM | The algorithm filter for the list(default: none). |
| -h, --help | Show this help message and exit |
| --mode MODE, -m MODE | The algorithm mode filter for the list (default: None). |
| --offset OFFSET, -o OFFSET | Specify the page offset (default: 0) |
55.8. secret order create
Create a new order.
Usage:
openstack secret order create [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty]
[--noindent] [--prefix PREFIX]
[--name NAME] [--algorithm ALGORITHM]
[--bit-length BIT_LENGTH] [--mode MODE]
[--payload-content-type PAYLOAD_CONTENT_TYPE]
[--expiration EXPIRATION]
[--request-type REQUEST_TYPE]
[--subject-dn SUBJECT_DN]
[--source-container-ref SOURCE_CONTAINER_REF]
[--ca-id CA_ID] [--profile PROFILE]
[--request-file REQUEST_FILE]
type
| Value | Summary |
|---|---|
| --print-empty | Print empty table if there is no data to show. |
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| Value | Summary |
|---|---|
| type | The type of the order (key, asymmetric, certificate) to create. |
| Value | Summary |
|---|---|
| output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --payload-content-type PAYLOAD_CONTENT_TYPE, -t PAYLOAD_CONTENT_TYPE | The type/format of the secret to be generated (default: application/octet-stream). |
| --expiration EXPIRATION, -x EXPIRATION | The expiration time for the secret in iso 8601 format. |
| --request-file REQUEST_FILE | The file containing the csr. |
| --subject-dn SUBJECT_DN | The subject of the certificate. |
| --request-type REQUEST_TYPE | The type of the certificate request. |
| --name NAME, -n NAME | A human-friendly name. |
| --bit-length BIT_LENGTH, -b BIT_LENGTH | The bit length of the requested secret key (default: 256). |
| --source-container-ref SOURCE_CONTAINER_REF | The source of the certificate when using stored-key requests. |
| --algorithm ALGORITHM, -a ALGORITHM | The algorithm to be used with the requested key (default: aes). |
| -h, --help | Show this help message and exit |
| --mode MODE, -m MODE | The algorithm mode to be used with the requested key (default: cbc). |
| --profile PROFILE | The profile of certificate to use. |
| --ca-id CA_ID | The identifier of the ca to use for the certificate request. |
| Value | Summary |
|---|---|
| a format a UNIX shell can parse (variable="value")--prefix PREFIX | Add a prefix to all variable names |
55.9. secret order delete
Delete an order by providing its href.
Usage:
openstack secret order delete [-h] URI
| Value | Summary |
|---|---|
| URI | The uri reference for the order |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
55.10. secret order get
Retrieve an order by providing its URI.
Usage:
openstack secret order get [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty] [--noindent]
[--prefix PREFIX]
URI
| Value | Summary |
|---|---|
| --print-empty | Print empty table if there is no data to show. |
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| Value | Summary |
|---|---|
| URI | The uri reference order. |
| Value | Summary |
|---|---|
| output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| Value | Summary |
|---|---|
| a format a UNIX shell can parse (variable="value")--prefix PREFIX | Add a prefix to all variable names |
55.11. secret order list
List orders.
Usage:
openstack secret order list [-h] [-f {csv,json,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty] [--noindent]
[--quote {all,minimal,none,nonnumeric}]
[--sort-column SORT_COLUMN] [--limit LIMIT]
[--offset OFFSET]
| Value | Summary |
|---|---|
| --print-empty | Print empty table if there is no data to show. |
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| Value | Summary |
|---|---|
| --quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric |
| Value | Summary |
|---|---|
| output formatter options-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
| --sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --limit LIMIT, -l LIMIT | Specify the limit to the number of items to list per page (default: 10; maximum: 100) |
| --offset OFFSET, -o OFFSET | Specify the page offset (default: 0) |
55.12. secret store
Store a secret in Barbican.
Usage:
openstack secret store [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty] [--noindent]
[--prefix PREFIX] [--name NAME]
[--payload PAYLOAD] [--secret-type SECRET_TYPE]
[--payload-content-type PAYLOAD_CONTENT_TYPE]
[--payload-content-encoding PAYLOAD_CONTENT_ENCODING]
[--algorithm ALGORITHM]
[--bit-length BIT_LENGTH] [--mode MODE]
[--expiration EXPIRATION]
| Value | Summary |
|---|---|
| --print-empty | Print empty table if there is no data to show. |
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| Value | Summary |
|---|---|
| output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --payload-content-type PAYLOAD_CONTENT_TYPE, -t PAYLOAD_CONTENT_TYPE | The type/format of the provided secret data; "text/plain" is assumed to be UTF-8; required when --payload is supplied. |
| --expiration EXPIRATION, -x EXPIRATION | The expiration time for the secret in iso 8601 format. |
| --secret-type SECRET_TYPE, -s SECRET_TYPE | The secret type; must be one of symmetric, public, private, certificate, passphrase, opaque (default) |
| --payload-content-encoding PAYLOAD_CONTENT_ENCODING, -e PAYLOAD_CONTENT_ENCODING | Required if --payload-content-type is "application /octet-stream". |
| --name NAME, -n NAME | A human-friendly name. |
| --bit-length BIT_LENGTH, -b BIT_LENGTH | The bit length (default: 256). |
| --algorithm ALGORITHM, -a ALGORITHM | The algorithm (default: aes). |
| -h, --help | Show this help message and exit |
| --mode MODE, -m MODE | The algorithm mode; used only for reference (default: cbc) |
| --payload PAYLOAD, -p PAYLOAD | The unencrypted secret; if provided, you must also provide a payload_content_type |
| Value | Summary |
|---|---|
| a format a UNIX shell can parse (variable="value")--prefix PREFIX | Add a prefix to all variable names |
55.13. secret update
Update a secret with no payload in Barbican.
Usage:
openstack secret update [-h] URI payload
| Value | Summary |
|---|---|
| URI | The uri reference for the secret. |
| payload | The unencrypted secret |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
