Chapter 68. secret

This chapter describes the commands under the secret command.

68.1. secret container create

Store a container in Barbican.

Usage:

openstack secret container create [-h]
                                         [-f {json,shell,table,value,yaml}]
                                         [-c COLUMN] [--noindent]
                                         [--prefix PREFIX]
                                         [--max-width <integer>] [--fit-width]
                                         [--print-empty] [--name NAME]
                                         [--type TYPE] [--secret SECRET]

Table 68.1. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--name NAME, -n NAME

A human-friendly name.

--type TYPE

Type of container to create (default: generic).

--secret SECRET, -s SECRET

One secret to store in a container (can be set multiple times). Example: --secret "private_key=https://url.test/v1/secrets/1-2-3-4"

Table 68.2. Output formatter options

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 68.3. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 68.4. Shell formatter options

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 68.5. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.2. secret container delete

Delete a container by providing its href.

Usage:

openstack secret container delete [-h] URI

Table 68.6. Positional arguments

ValueSummary

URI

The uri reference for the container

Table 68.7. Command arguments

ValueSummary

-h, --help

Show this help message and exit

68.3. secret container get

Retrieve a container by providing its URI.

Usage:

openstack secret container get [-h] [-f {json,shell,table,value,yaml}]
                                      [-c COLUMN] [--noindent]
                                      [--prefix PREFIX]
                                      [--max-width <integer>] [--fit-width]
                                      [--print-empty]
                                      URI

Table 68.8. Positional arguments

ValueSummary

URI

The uri reference for the container.

Table 68.9. Command arguments

ValueSummary

-h, --help

Show this help message and exit

Table 68.10. Output formatter options

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 68.11. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 68.12. Shell formatter options

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 68.13. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.4. secret container list

List containers.

Usage:

openstack secret container list [-h] [-f {csv,json,table,value,yaml}]
                                       [-c COLUMN]
                                       [--quote {all,minimal,none,nonnumeric}]
                                       [--noindent] [--max-width <integer>]
                                       [--fit-width] [--print-empty]
                                       [--sort-column SORT_COLUMN]
                                       [--limit LIMIT] [--offset OFFSET]
                                       [--name NAME] [--type TYPE]

Table 68.14. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--limit LIMIT, -l LIMIT

Specify the limit to the number of items to list per page (default: 10; maximum: 100)

--offset OFFSET, -o OFFSET

Specify the page offset (default: 0)

--name NAME, -n NAME

Specify the container name (default: none)

--type TYPE, -t TYPE

Specify the type filter for the list (default: none).

Table 68.15. Output formatter options

ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 68.16. CSV formatter options

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 68.17. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 68.18. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.5. secret delete

Delete a secret by providing its URI.

Usage:

openstack secret delete [-h] URI

Table 68.19. Positional arguments

ValueSummary

URI

The uri reference for the secret

Table 68.20. Command arguments

ValueSummary

-h, --help

Show this help message and exit

68.6. secret get

Retrieve a secret by providing its URI.

Usage:

openstack secret get [-h] [-f {json,shell,table,value,yaml}]
                            [-c COLUMN] [--noindent] [--prefix PREFIX]
                            [--max-width <integer>] [--fit-width]
                            [--print-empty]
                            [--decrypt | --payload | --file <filename>]
                            [--payload_content_type PAYLOAD_CONTENT_TYPE]
                            URI

Table 68.21. Positional arguments

ValueSummary

URI

The uri reference for the secret.

Table 68.22. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--decrypt, -d

If specified, retrieve the unencrypted secret data.

--payload, -p

If specified, retrieve the unencrypted secret data.

--file <filename>, -F <filename>

If specified, save the payload to a new file with the given filename.

--payload_content_type PAYLOAD_CONTENT_TYPE, -t PAYLOAD_CONTENT_TYPE

The content type of the decrypted secret (default: text/plain).

Table 68.23. Output formatter options

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 68.24. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 68.25. Shell formatter options

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 68.26. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.7. secret list

List secrets.

Usage:

openstack secret list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN]
                             [--quote {all,minimal,none,nonnumeric}]
                             [--noindent] [--max-width <integer>]
                             [--fit-width] [--print-empty]
                             [--sort-column SORT_COLUMN] [--limit LIMIT]
                             [--offset OFFSET] [--name NAME]
                             [--algorithm ALGORITHM] [--bit-length BIT_LENGTH]
                             [--mode MODE] [--secret-type SECRET_TYPE]

Table 68.27. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--limit LIMIT, -l LIMIT

Specify the limit to the number of items to list per page (default: 10; maximum: 100)

--offset OFFSET, -o OFFSET

Specify the page offset (default: 0)

--name NAME, -n NAME

Specify the secret name (default: none)

--algorithm ALGORITHM, -a ALGORITHM

The algorithm filter for the list(default: none).

--bit-length BIT_LENGTH, -b BIT_LENGTH

The bit length filter for the list (default: 0).

--mode MODE, -m MODE

The algorithm mode filter for the list (default: None).

--secret-type SECRET_TYPE, -s SECRET_TYPE

Specify the secret type (default: none).

Table 68.28. Output formatter options

ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 68.29. CSV formatter options

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 68.30. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 68.31. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.8. secret order create

Create a new order.

Usage:

openstack secret order create [-h] [-f {json,shell,table,value,yaml}]
                                     [-c COLUMN] [--noindent]
                                     [--prefix PREFIX] [--max-width <integer>]
                                     [--fit-width] [--print-empty]
                                     [--name NAME] [--algorithm ALGORITHM]
                                     [--bit-length BIT_LENGTH] [--mode MODE]
                                     [--payload-content-type PAYLOAD_CONTENT_TYPE]
                                     [--expiration EXPIRATION]
                                     [--request-type REQUEST_TYPE]
                                     [--subject-dn SUBJECT_DN]
                                     [--source-container-ref SOURCE_CONTAINER_REF]
                                     [--ca-id CA_ID] [--profile PROFILE]
                                     [--request-file REQUEST_FILE]
                                     type

Table 68.32. Positional arguments

ValueSummary

type

The type of the order (key, asymmetric, certificate) to create.

Table 68.33. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--name NAME, -n NAME

A human-friendly name.

--algorithm ALGORITHM, -a ALGORITHM

The algorithm to be used with the requested key (default: aes).

--bit-length BIT_LENGTH, -b BIT_LENGTH

The bit length of the requested secret key (default: 256).

--mode MODE, -m MODE

The algorithm mode to be used with the requested key (default: cbc).

--payload-content-type PAYLOAD_CONTENT_TYPE, -t PAYLOAD_CONTENT_TYPE

The type/format of the secret to be generated (default: application/octet-stream).

--expiration EXPIRATION, -x EXPIRATION

The expiration time for the secret in iso 8601 format.

--request-type REQUEST_TYPE

The type of the certificate request.

--subject-dn SUBJECT_DN

The subject of the certificate.

--source-container-ref SOURCE_CONTAINER_REF

The source of the certificate when using stored-key requests.

--ca-id CA_ID

The identifier of the ca to use for the certificate request.

--profile PROFILE

The profile of certificate to use.

--request-file REQUEST_FILE

The file containing the csr.

Table 68.34. Output formatter options

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 68.35. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 68.36. Shell formatter options

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 68.37. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.9. secret order delete

Delete an order by providing its href.

Usage:

openstack secret order delete [-h] URI

Table 68.38. Positional arguments

ValueSummary

URI

The uri reference for the order

Table 68.39. Command arguments

ValueSummary

-h, --help

Show this help message and exit

68.10. secret order get

Retrieve an order by providing its URI.

Usage:

openstack secret order get [-h] [-f {json,shell,table,value,yaml}]
                                  [-c COLUMN] [--noindent] [--prefix PREFIX]
                                  [--max-width <integer>] [--fit-width]
                                  [--print-empty]
                                  URI

Table 68.40. Positional arguments

ValueSummary

URI

The uri reference order.

Table 68.41. Command arguments

ValueSummary

-h, --help

Show this help message and exit

Table 68.42. Output formatter options

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 68.43. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 68.44. Shell formatter options

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 68.45. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.11. secret order list

List orders.

Usage:

openstack secret order list [-h] [-f {csv,json,table,value,yaml}]
                                   [-c COLUMN]
                                   [--quote {all,minimal,none,nonnumeric}]
                                   [--noindent] [--max-width <integer>]
                                   [--fit-width] [--print-empty]
                                   [--sort-column SORT_COLUMN] [--limit LIMIT]
                                   [--offset OFFSET]

Table 68.46. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--limit LIMIT, -l LIMIT

Specify the limit to the number of items to list per page (default: 10; maximum: 100)

--offset OFFSET, -o OFFSET

Specify the page offset (default: 0)

Table 68.47. Output formatter options

ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 68.48. CSV formatter options

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 68.49. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 68.50. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.12. secret store

Store a secret in Barbican.

Usage:

openstack secret store [-h] [-f {json,shell,table,value,yaml}]
                              [-c COLUMN] [--noindent] [--prefix PREFIX]
                              [--max-width <integer>] [--fit-width]
                              [--print-empty] [--name NAME]
                              [--secret-type SECRET_TYPE]
                              [--payload-content-type PAYLOAD_CONTENT_TYPE]
                              [--payload-content-encoding PAYLOAD_CONTENT_ENCODING]
                              [--algorithm ALGORITHM]
                              [--bit-length BIT_LENGTH] [--mode MODE]
                              [--expiration EXPIRATION]
                              [--payload PAYLOAD | --file <filename>]

Table 68.51. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--name NAME, -n NAME

A human-friendly name.

--secret-type SECRET_TYPE, -s SECRET_TYPE

The secret type; must be one of symmetric, public, private, certificate, passphrase, opaque (default)

--payload-content-type PAYLOAD_CONTENT_TYPE, -t PAYLOAD_CONTENT_TYPE

The type/format of the provided secret data; "text/plain" is assumed to be UTF-8; required when --payload is supplied.

--payload-content-encoding PAYLOAD_CONTENT_ENCODING, -e PAYLOAD_CONTENT_ENCODING

Required if --payload-content-type is "application/octet-stream".

--algorithm ALGORITHM, -a ALGORITHM

The algorithm (default: aes).

--bit-length BIT_LENGTH, -b BIT_LENGTH

The bit length (default: 256).

--mode MODE, -m MODE

The algorithm mode; used only for reference (default: cbc)

--expiration EXPIRATION, -x EXPIRATION

The expiration time for the secret in iso 8601 format.

--payload PAYLOAD, -p PAYLOAD

The unencrypted secret data.

--file <filename>, -F <filename>

File containing the secret payload

Table 68.52. Output formatter options

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 68.53. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 68.54. Shell formatter options

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 68.55. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.13. secret update

Update a secret with no payload in Barbican.

Usage:

openstack secret update [-h] URI payload

Table 68.56. Positional arguments

ValueSummary

URI

The uri reference for the secret.

payload

The unencrypted secret

Table 68.57. Command arguments

ValueSummary

-h, --help

Show this help message and exit