Menu Close

Chapter 55. secret

This chapter describes the commands under the secret command.

55.1. secret container create

Store a container in Barbican.

Usage:

openstack secret container create [-h]
                                         [-f {json,shell,table,value,yaml}]
                                         [-c COLUMN] [--max-width <integer>]
                                         [--fit-width] [--print-empty]
                                         [--noindent] [--prefix PREFIX]
                                         [--name NAME] [--type TYPE]
                                         [--secret SECRET]

Table 55.1. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 55.2. Output Formatters

ValueSummary

output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 55.3. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 55.4. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--secret SECRET, -s SECRET

One secret to store in a container (can be set multiple times). Example: --secret "private_key=https://url.test/v1/secrets/1-2-3-4"

--name NAME, -n NAME

A human-friendly name.

--type TYPE

Type of container to create (default: generic).

Table 55.5. Shell Formatter

ValueSummary

a format a UNIX shell can parse (variable="value")--prefix PREFIX

Add a prefix to all variable names

55.2. secret container delete

Delete a container by providing its href.

Usage:

openstack secret container delete [-h] URI

Table 55.6. Positional Arguments

ValueSummary

URI

The uri reference for the container

Table 55.7. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

55.3. secret container get

Retrieve a container by providing its URI.

Usage:

openstack secret container get [-h] [-f {json,shell,table,value,yaml}]
                                      [-c COLUMN] [--max-width <integer>]
                                      [--fit-width] [--print-empty]
                                      [--noindent] [--prefix PREFIX]
                                      URI

Table 55.8. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 55.9. Positional Arguments

ValueSummary

URI

The uri reference for the container.

Table 55.10. Output Formatters

ValueSummary

output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 55.11. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 55.12. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

Table 55.13. Shell Formatter

ValueSummary

a format a UNIX shell can parse (variable="value")--prefix PREFIX

Add a prefix to all variable names

55.4. secret container list

List containers.

Usage:

openstack secret container list [-h] [-f {csv,json,table,value,yaml}]
                                       [-c COLUMN] [--max-width <integer>]
                                       [--fit-width] [--print-empty]
                                       [--noindent]
                                       [--quote {all,minimal,none,nonnumeric}]
                                       [--sort-column SORT_COLUMN]
                                       [--limit LIMIT] [--offset OFFSET]
                                       [--name NAME] [--type TYPE]

Table 55.14. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 55.15. CSV Formatter

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 55.16. Output Formatters

ValueSummary

output formatter options-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 55.17. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 55.18. Optional Arguments

ValueSummary

--type TYPE, -t TYPE

Specify the type filter for the list (default: none).

-h, --help

Show this help message and exit

--limit LIMIT, -l LIMIT

Specify the limit to the number of items to list per page (default: 10; maximum: 100)

--name NAME, -n NAME

Specify the container name (default: none)

--offset OFFSET, -o OFFSET

Specify the page offset (default: 0)

55.5. secret delete

Delete a secret by providing its URI.

Usage:

openstack secret delete [-h] URI

Table 55.19. Positional Arguments

ValueSummary

URI

The uri reference for the secret

Table 55.20. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

55.6. secret get

Retrieve a secret by providing its URI.

Usage:

openstack secret get [-h] [-f {json,shell,table,value,yaml}]
                            [-c COLUMN] [--max-width <integer>] [--fit-width]
                            [--print-empty] [--noindent] [--prefix PREFIX]
                            [--decrypt] [--payload]
                            [--payload_content_type PAYLOAD_CONTENT_TYPE]
                            URI

Table 55.21. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 55.22. Positional Arguments

ValueSummary

URI

The uri reference for the secret.

Table 55.23. Output Formatters

ValueSummary

output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 55.24. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 55.25. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--payload, -p

If specified, retrieve the unencrypted secret data; the data type can be specified with --payload_content_type. If the user wishes to only retrieve the value of the payload they must add "-f value" to format returning only the value of the payload

--payload_content_type PAYLOAD_CONTENT_TYPE, -t PAYLOAD_CONTENT_TYPE

The content type of the decrypted secret (default: text/plain).

--decrypt, -d

If specified, retrieve the unencrypted secret data; the data type can be specified with --payload_content_type.

Table 55.26. Shell Formatter

ValueSummary

a format a UNIX shell can parse (variable="value")--prefix PREFIX

Add a prefix to all variable names

55.7. secret list

List secrets.

Usage:

openstack secret list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN]
                             [--max-width <integer>] [--fit-width]
                             [--print-empty] [--noindent]
                             [--quote {all,minimal,none,nonnumeric}]
                             [--sort-column SORT_COLUMN] [--limit LIMIT]
                             [--offset OFFSET] [--name NAME]
                             [--algorithm ALGORITHM] [--bit-length BIT_LENGTH]
                             [--mode MODE] [--secret-type SECRET_TYPE]

Table 55.27. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 55.28. CSV Formatter

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 55.29. Output Formatters

ValueSummary

output formatter options-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 55.30. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 55.31. Optional Arguments

ValueSummary

--secret-type SECRET_TYPE, -s SECRET_TYPE

Specify the secret type (default: none).

--name NAME, -n NAME

Specify the secret name (default: none)

--limit LIMIT, -l LIMIT

Specify the limit to the number of items to list per page (default: 10; maximum: 100)

--bit-length BIT_LENGTH, -b BIT_LENGTH

The bit length filter for the list (default: 0).

--algorithm ALGORITHM, -a ALGORITHM

The algorithm filter for the list(default: none).

-h, --help

Show this help message and exit

--mode MODE, -m MODE

The algorithm mode filter for the list (default: None).

--offset OFFSET, -o OFFSET

Specify the page offset (default: 0)

55.8. secret order create

Create a new order.

Usage:

openstack secret order create [-h] [-f {json,shell,table,value,yaml}]
                                     [-c COLUMN] [--max-width <integer>]
                                     [--fit-width] [--print-empty]
                                     [--noindent] [--prefix PREFIX]
                                     [--name NAME] [--algorithm ALGORITHM]
                                     [--bit-length BIT_LENGTH] [--mode MODE]
                                     [--payload-content-type PAYLOAD_CONTENT_TYPE]
                                     [--expiration EXPIRATION]
                                     [--request-type REQUEST_TYPE]
                                     [--subject-dn SUBJECT_DN]
                                     [--source-container-ref SOURCE_CONTAINER_REF]
                                     [--ca-id CA_ID] [--profile PROFILE]
                                     [--request-file REQUEST_FILE]
                                     type

Table 55.32. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 55.33. Positional Arguments

ValueSummary

type

The type of the order (key, asymmetric, certificate) to create.

Table 55.34. Output Formatters

ValueSummary

output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 55.35. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 55.36. Optional Arguments

ValueSummary

--payload-content-type PAYLOAD_CONTENT_TYPE, -t PAYLOAD_CONTENT_TYPE

The type/format of the secret to be generated (default: application/octet-stream).

--expiration EXPIRATION, -x EXPIRATION

The expiration time for the secret in iso 8601 format.

--request-file REQUEST_FILE

The file containing the csr.

--subject-dn SUBJECT_DN

The subject of the certificate.

--request-type REQUEST_TYPE

The type of the certificate request.

--name NAME, -n NAME

A human-friendly name.

--bit-length BIT_LENGTH, -b BIT_LENGTH

The bit length of the requested secret key (default: 256).

--source-container-ref SOURCE_CONTAINER_REF

The source of the certificate when using stored-key requests.

--algorithm ALGORITHM, -a ALGORITHM

The algorithm to be used with the requested key (default: aes).

-h, --help

Show this help message and exit

--mode MODE, -m MODE

The algorithm mode to be used with the requested key (default: cbc).

--profile PROFILE

The profile of certificate to use.

--ca-id CA_ID

The identifier of the ca to use for the certificate request.

Table 55.37. Shell Formatter

ValueSummary

a format a UNIX shell can parse (variable="value")--prefix PREFIX

Add a prefix to all variable names

55.9. secret order delete

Delete an order by providing its href.

Usage:

openstack secret order delete [-h] URI

Table 55.38. Positional Arguments

ValueSummary

URI

The uri reference for the order

Table 55.39. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

55.10. secret order get

Retrieve an order by providing its URI.

Usage:

openstack secret order get [-h] [-f {json,shell,table,value,yaml}]
                                  [-c COLUMN] [--max-width <integer>]
                                  [--fit-width] [--print-empty] [--noindent]
                                  [--prefix PREFIX]
                                  URI

Table 55.40. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 55.41. Positional Arguments

ValueSummary

URI

The uri reference order.

Table 55.42. Output Formatters

ValueSummary

output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 55.43. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 55.44. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

Table 55.45. Shell Formatter

ValueSummary

a format a UNIX shell can parse (variable="value")--prefix PREFIX

Add a prefix to all variable names

55.11. secret order list

List orders.

Usage:

openstack secret order list [-h] [-f {csv,json,table,value,yaml}]
                                   [-c COLUMN] [--max-width <integer>]
                                   [--fit-width] [--print-empty] [--noindent]
                                   [--quote {all,minimal,none,nonnumeric}]
                                   [--sort-column SORT_COLUMN] [--limit LIMIT]
                                   [--offset OFFSET]

Table 55.46. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 55.47. CSV Formatter

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 55.48. Output Formatters

ValueSummary

output formatter options-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 55.49. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 55.50. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--limit LIMIT, -l LIMIT

Specify the limit to the number of items to list per page (default: 10; maximum: 100)

--offset OFFSET, -o OFFSET

Specify the page offset (default: 0)

55.12. secret store

Store a secret in Barbican.

Usage:

openstack secret store [-h] [-f {json,shell,table,value,yaml}]
                              [-c COLUMN] [--max-width <integer>]
                              [--fit-width] [--print-empty] [--noindent]
                              [--prefix PREFIX] [--name NAME]
                              [--payload PAYLOAD] [--secret-type SECRET_TYPE]
                              [--payload-content-type PAYLOAD_CONTENT_TYPE]
                              [--payload-content-encoding PAYLOAD_CONTENT_ENCODING]
                              [--algorithm ALGORITHM]
                              [--bit-length BIT_LENGTH] [--mode MODE]
                              [--expiration EXPIRATION]

Table 55.51. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 55.52. Output Formatters

ValueSummary

output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 55.53. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 55.54. Optional Arguments

ValueSummary

--payload-content-type PAYLOAD_CONTENT_TYPE, -t PAYLOAD_CONTENT_TYPE

The type/format of the provided secret data; "text/plain" is assumed to be UTF-8; required when --payload is supplied.

--expiration EXPIRATION, -x EXPIRATION

The expiration time for the secret in iso 8601 format.

--secret-type SECRET_TYPE, -s SECRET_TYPE

The secret type; must be one of symmetric, public, private, certificate, passphrase, opaque (default)

--payload-content-encoding PAYLOAD_CONTENT_ENCODING, -e PAYLOAD_CONTENT_ENCODING

Required if --payload-content-type is "application /octet-stream".

--name NAME, -n NAME

A human-friendly name.

--bit-length BIT_LENGTH, -b BIT_LENGTH

The bit length (default: 256).

--algorithm ALGORITHM, -a ALGORITHM

The algorithm (default: aes).

-h, --help

Show this help message and exit

--mode MODE, -m MODE

The algorithm mode; used only for reference (default: cbc)

--payload PAYLOAD, -p PAYLOAD

The unencrypted secret; if provided, you must also provide a payload_content_type

Table 55.55. Shell Formatter

ValueSummary

a format a UNIX shell can parse (variable="value")--prefix PREFIX

Add a prefix to all variable names

55.13. secret update

Update a secret with no payload in Barbican.

Usage:

openstack secret update [-h] URI payload

Table 55.56. Positional Arguments

ValueSummary

URI

The uri reference for the secret.

payload

The unencrypted secret

Table 55.57. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit