Chapter 68. secret
This chapter describes the commands under the secret
command.
68.1. secret container create
Store a container in Barbican.
Usage:
openstack secret container create [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--noindent] [--prefix PREFIX] [--max-width <integer>] [--fit-width] [--print-empty] [--name NAME] [--type TYPE] [--secret SECRET]
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--name NAME, -n NAME | A human-friendly name. |
--type TYPE | Type of container to create (default: generic). |
--secret SECRET, -s SECRET | One secret to store in a container (can be set multiple times). Example: --secret "private_key=https://url.test/v1/secrets/1-2-3-4" |
Value | Summary |
---|---|
-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
-c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
Value | Summary |
---|---|
--noindent | Whether to disable indenting the json |
Value | Summary |
---|---|
--prefix PREFIX | Add a prefix to all variable names |
Value | Summary |
---|---|
--max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
--fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
--print-empty | Print empty table if there is no data to show. |
68.2. secret container delete
Delete a container by providing its href.
Usage:
openstack secret container delete [-h] URI
Value | Summary |
---|---|
URI | The uri reference for the container |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
68.3. secret container get
Retrieve a container by providing its URI.
Usage:
openstack secret container get [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--noindent] [--prefix PREFIX] [--max-width <integer>] [--fit-width] [--print-empty] URI
Value | Summary |
---|---|
URI | The uri reference for the container. |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
Value | Summary |
---|---|
-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
-c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
Value | Summary |
---|---|
--noindent | Whether to disable indenting the json |
Value | Summary |
---|---|
--prefix PREFIX | Add a prefix to all variable names |
Value | Summary |
---|---|
--max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
--fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
--print-empty | Print empty table if there is no data to show. |
68.4. secret container list
List containers.
Usage:
openstack secret container list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN] [--quote {all,minimal,none,nonnumeric}] [--noindent] [--max-width <integer>] [--fit-width] [--print-empty] [--sort-column SORT_COLUMN] [--limit LIMIT] [--offset OFFSET] [--name NAME] [--type TYPE]
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--limit LIMIT, -l LIMIT | Specify the limit to the number of items to list per page (default: 10; maximum: 100) |
--offset OFFSET, -o OFFSET | Specify the page offset (default: 0) |
--name NAME, -n NAME | Specify the container name (default: none) |
--type TYPE, -t TYPE | Specify the type filter for the list (default: none). |
Value | Summary |
---|---|
-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table |
-c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
--sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated |
Value | Summary |
---|---|
--quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric |
Value | Summary |
---|---|
--noindent | Whether to disable indenting the json |
Value | Summary |
---|---|
--max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
--fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
--print-empty | Print empty table if there is no data to show. |
68.5. secret delete
Delete a secret by providing its URI.
Usage:
openstack secret delete [-h] URI
Value | Summary |
---|---|
URI | The uri reference for the secret |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
68.6. secret get
Retrieve a secret by providing its URI.
Usage:
openstack secret get [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--noindent] [--prefix PREFIX] [--max-width <integer>] [--fit-width] [--print-empty] [--decrypt | --payload | --file <filename>] [--payload_content_type PAYLOAD_CONTENT_TYPE] URI
Value | Summary |
---|---|
URI | The uri reference for the secret. |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--decrypt, -d | If specified, retrieve the unencrypted secret data. |
--payload, -p | If specified, retrieve the unencrypted secret data. |
--file <filename>, -F <filename> | If specified, save the payload to a new file with the given filename. |
--payload_content_type PAYLOAD_CONTENT_TYPE, -t PAYLOAD_CONTENT_TYPE | The content type of the decrypted secret (default: text/plain). |
Value | Summary |
---|---|
-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
-c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
Value | Summary |
---|---|
--noindent | Whether to disable indenting the json |
Value | Summary |
---|---|
--prefix PREFIX | Add a prefix to all variable names |
Value | Summary |
---|---|
--max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
--fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
--print-empty | Print empty table if there is no data to show. |
68.7. secret list
List secrets.
Usage:
openstack secret list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN] [--quote {all,minimal,none,nonnumeric}] [--noindent] [--max-width <integer>] [--fit-width] [--print-empty] [--sort-column SORT_COLUMN] [--limit LIMIT] [--offset OFFSET] [--name NAME] [--algorithm ALGORITHM] [--bit-length BIT_LENGTH] [--mode MODE] [--secret-type SECRET_TYPE]
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--limit LIMIT, -l LIMIT | Specify the limit to the number of items to list per page (default: 10; maximum: 100) |
--offset OFFSET, -o OFFSET | Specify the page offset (default: 0) |
--name NAME, -n NAME | Specify the secret name (default: none) |
--algorithm ALGORITHM, -a ALGORITHM | The algorithm filter for the list(default: none). |
--bit-length BIT_LENGTH, -b BIT_LENGTH | The bit length filter for the list (default: 0). |
--mode MODE, -m MODE | The algorithm mode filter for the list (default: None). |
--secret-type SECRET_TYPE, -s SECRET_TYPE | Specify the secret type (default: none). |
Value | Summary |
---|---|
-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table |
-c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
--sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated |
Value | Summary |
---|---|
--quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric |
Value | Summary |
---|---|
--noindent | Whether to disable indenting the json |
Value | Summary |
---|---|
--max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
--fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
--print-empty | Print empty table if there is no data to show. |
68.8. secret order create
Create a new order.
Usage:
openstack secret order create [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--noindent] [--prefix PREFIX] [--max-width <integer>] [--fit-width] [--print-empty] [--name NAME] [--algorithm ALGORITHM] [--bit-length BIT_LENGTH] [--mode MODE] [--payload-content-type PAYLOAD_CONTENT_TYPE] [--expiration EXPIRATION] [--request-type REQUEST_TYPE] [--subject-dn SUBJECT_DN] [--source-container-ref SOURCE_CONTAINER_REF] [--ca-id CA_ID] [--profile PROFILE] [--request-file REQUEST_FILE] type
Value | Summary |
---|---|
type | The type of the order (key, asymmetric, certificate) to create. |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--name NAME, -n NAME | A human-friendly name. |
--algorithm ALGORITHM, -a ALGORITHM | The algorithm to be used with the requested key (default: aes). |
--bit-length BIT_LENGTH, -b BIT_LENGTH | The bit length of the requested secret key (default: 256). |
--mode MODE, -m MODE | The algorithm mode to be used with the requested key (default: cbc). |
--payload-content-type PAYLOAD_CONTENT_TYPE, -t PAYLOAD_CONTENT_TYPE | The type/format of the secret to be generated (default: application/octet-stream). |
--expiration EXPIRATION, -x EXPIRATION | The expiration time for the secret in iso 8601 format. |
--request-type REQUEST_TYPE | The type of the certificate request. |
--subject-dn SUBJECT_DN | The subject of the certificate. |
--source-container-ref SOURCE_CONTAINER_REF | The source of the certificate when using stored-key requests. |
--ca-id CA_ID | The identifier of the ca to use for the certificate request. |
--profile PROFILE | The profile of certificate to use. |
--request-file REQUEST_FILE | The file containing the csr. |
Value | Summary |
---|---|
-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
-c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
Value | Summary |
---|---|
--noindent | Whether to disable indenting the json |
Value | Summary |
---|---|
--prefix PREFIX | Add a prefix to all variable names |
Value | Summary |
---|---|
--max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
--fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
--print-empty | Print empty table if there is no data to show. |
68.9. secret order delete
Delete an order by providing its href.
Usage:
openstack secret order delete [-h] URI
Value | Summary |
---|---|
URI | The uri reference for the order |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
68.10. secret order get
Retrieve an order by providing its URI.
Usage:
openstack secret order get [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--noindent] [--prefix PREFIX] [--max-width <integer>] [--fit-width] [--print-empty] URI
Value | Summary |
---|---|
URI | The uri reference order. |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
Value | Summary |
---|---|
-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
-c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
Value | Summary |
---|---|
--noindent | Whether to disable indenting the json |
Value | Summary |
---|---|
--prefix PREFIX | Add a prefix to all variable names |
Value | Summary |
---|---|
--max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
--fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
--print-empty | Print empty table if there is no data to show. |
68.11. secret order list
List orders.
Usage:
openstack secret order list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN] [--quote {all,minimal,none,nonnumeric}] [--noindent] [--max-width <integer>] [--fit-width] [--print-empty] [--sort-column SORT_COLUMN] [--limit LIMIT] [--offset OFFSET]
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--limit LIMIT, -l LIMIT | Specify the limit to the number of items to list per page (default: 10; maximum: 100) |
--offset OFFSET, -o OFFSET | Specify the page offset (default: 0) |
Value | Summary |
---|---|
-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table |
-c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
--sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated |
Value | Summary |
---|---|
--quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric |
Value | Summary |
---|---|
--noindent | Whether to disable indenting the json |
Value | Summary |
---|---|
--max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
--fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
--print-empty | Print empty table if there is no data to show. |
68.12. secret store
Store a secret in Barbican.
Usage:
openstack secret store [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--noindent] [--prefix PREFIX] [--max-width <integer>] [--fit-width] [--print-empty] [--name NAME] [--secret-type SECRET_TYPE] [--payload-content-type PAYLOAD_CONTENT_TYPE] [--payload-content-encoding PAYLOAD_CONTENT_ENCODING] [--algorithm ALGORITHM] [--bit-length BIT_LENGTH] [--mode MODE] [--expiration EXPIRATION] [--payload PAYLOAD | --file <filename>]
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--name NAME, -n NAME | A human-friendly name. |
--secret-type SECRET_TYPE, -s SECRET_TYPE | The secret type; must be one of symmetric, public, private, certificate, passphrase, opaque (default) |
--payload-content-type PAYLOAD_CONTENT_TYPE, -t PAYLOAD_CONTENT_TYPE | The type/format of the provided secret data; "text/plain" is assumed to be UTF-8; required when --payload is supplied. |
--payload-content-encoding PAYLOAD_CONTENT_ENCODING, -e PAYLOAD_CONTENT_ENCODING | Required if --payload-content-type is "application/octet-stream". |
--algorithm ALGORITHM, -a ALGORITHM | The algorithm (default: aes). |
--bit-length BIT_LENGTH, -b BIT_LENGTH | The bit length (default: 256). |
--mode MODE, -m MODE | The algorithm mode; used only for reference (default: cbc) |
--expiration EXPIRATION, -x EXPIRATION | The expiration time for the secret in iso 8601 format. |
--payload PAYLOAD, -p PAYLOAD | The unencrypted secret data. |
--file <filename>, -F <filename> | File containing the secret payload |
Value | Summary |
---|---|
-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
-c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
Value | Summary |
---|---|
--noindent | Whether to disable indenting the json |
Value | Summary |
---|---|
--prefix PREFIX | Add a prefix to all variable names |
Value | Summary |
---|---|
--max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
--fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
--print-empty | Print empty table if there is no data to show. |
68.13. secret update
Update a secret with no payload in Barbican.
Usage:
openstack secret update [-h] URI payload
Value | Summary |
---|---|
URI | The uri reference for the secret. |
payload | The unencrypted secret |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |