/secrets-cli

🐚 CLI for managing OneOps application secrets.

Primary language: Java. License: Apache License 2.0.

🐚 OneOps Secrets CLI

A command line tool for managing OneOps application secrets. OneOps Secrets CLI interacts with the OneOps Secrets Proxy API.

Usage

Detailed user documentation for installation and usage is available on the OneOps website as well as via the help function:

$ secrets
usage: secrets <command> [<args>]

The most commonly used secrets commands are:
    add        Add secret for an application.
    clients    Show all clients for the application.
    delete     Delete a secret.
    details    Get a client/secret details for an application.
    get        Retrieve secret from vault.
    help       Display help information
    info       Show OneOps Secrets CLI version info.
    list       List all secrets for the application.
    log        Tail (no-follow) secrets cli log file.
    revert     Revert secret to the given version index.
    update     Update an existing secret.
    versions   Retrieve versions of a secret, sorted from newest to oldest update time.

See 'secrets help <command>' for more information on a specific command.

Download

Download the latest JAR or grab via Maven:

<dependency>
    <groupId>com.oneops</groupId>
    <artifactId>secrets-cli</artifactId>
    <version>1.1.0</version>
</dependency>

Examples

  • Add a secret for an application.
  $ secrets add -a oneops_test-assembly_dev logstash-forwarder.crt -d "Logstash cert" -n "Logstash-Cert"
  
    ✓ Secret 'Logstash-Cert' added successfully for application /oneops/test-assembly/dev.
    
    Note the followings,
      ● Secret 'Logstash-Cert' will be synced to '/oneops/test-assembly/dev' env computes in few seconds.
      ● Applications can access secret content by reading '/secrets/Logstash-Cert' file.
      ● You may need to restart the application inorder for this secret change to take effect.
      ● For security reasons, secrets are never persisted on the disk and can access from '/secrets' virtual memory file system.
  • Show all secrets for an application.
  $ secrets list  -a oneops_test-assembly_dev
  Password for testuser :
  ✓ 3 secrets are stored for application env: /oneops/test-assembly/dev
  
  +------------------------+---------------------+----------+----------+--------+---------+
  |       Secret Name      |     Description     |  UserID  | Checksum | Expiry | Version |
  +------------------------+---------------------+----------+----------+--------+---------+
  | Logstash-Cert          | Logstash cert       | testuser | 5CCEB0   | Never  | 42295   |
  | app-private.key        | app ssl key         | testuser | B69967   | Never  | 42227   |
  | db-secret              | databse secret      | testuser | BE49B2   | Never  | 42239   |
  +------------------------+---------------------+----------+----------+--------+---------+
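
The note printed by `secrets add` says secrets are synced within a few seconds and are served only from the '/secrets' in-memory file system. The following is an added example, not OneOps code, of an application-side reader that checks both points before using a secret. It assumes a Linux host where that mount appears in /proc/mounts as tmpfs or ramfs; `mount_fstype` and `read_secret` are hypothetical helper names.

```python
import os
import time

SECRETS_DIR = "/secrets"          # path taken from the CLI output above
MEMORY_FS = {"tmpfs", "ramfs"}    # assumption: how the mount shows up in /proc/mounts

def mount_fstype(path, mounts_text):
    """Return the filesystem type of the mount that holds `path`.

    `mounts_text` uses the /proc/mounts layout: device, mount point, type, ...
    The longest matching mount point wins; on a tie the later line wins,
    because a later mount shadows an earlier one at the same mount point.
    """
    best_len, best_type = -1, None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mount_point = fields[1].replace("\\040", " ")   # spaces are escaped
        prefix = mount_point.rstrip("/") + "/"
        if (path + "/").startswith(prefix) and len(prefix) >= best_len:
            best_len, best_type = len(prefix), fields[2]
    return best_type

def read_secret(name, base=SECRETS_DIR, mounts_text=None, timeout=10.0):
    """Read one synced secret; refuse to read from a disk-backed directory."""
    if name in ("", ".", "..") or "/" in name:
        raise ValueError("secret name must be a single path component")
    if mounts_text is None:
        with open("/proc/mounts") as fh:
            mounts_text = fh.read()
    base = os.path.realpath(base)
    fstype = mount_fstype(base, mounts_text)
    if fstype not in MEMORY_FS:
        raise RuntimeError(f"{base} is on {fstype!r}, not a memory file system")
    path = os.path.join(base, name)
    deadline = time.monotonic() + timeout
    while not os.path.isfile(path):       # a new secret may still be syncing
        if time.monotonic() >= deadline:
            raise FileNotFoundError(path)
        time.sleep(0.5)
    with open(path, "rb") as fh:
        return fh.read()
```

Call `read_secret("Logstash-Cert")` at application start-up; the value is read once, which matches the CLI's note that a restart may be needed after a secret changes.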

Build

  • Source

    Make sure to provide the proper secret-proxy truststore and application.conf before building. Use the InstallCerts tool to auto-generate the truststore from your secret proxy HTTPS endpoint.

     $ git clone https://github.com/oneops/secrets-cli
     $ cd secrets-cli
     $ ./mvnw clean package
    

After a build, the executable binary is located in the target/ directory and is named secrets-cli-*-executable.jar.