No project description provided
Project description
The secretcli project provides a simple to use command line interface to the AWS Secrets Manager. It is capable of uploading or downloading the entire secret as well as working with individual fields.
Usage
Initializing a new Secret
New secrets are easy to initiate. This will create a new Secret in the AWS Secret Manager and store an empty javascript object as the first version.
$ secretscli init TestSecret
Working with individual Keys
Additional Key/Value pairs can be added to the secret using a single command. Behind the scenes this downloads the existing database, updates it with the new key/value pair, and uploads it as the current version.
$ secretscli set TestSecret postgreshost 10.10.10.16
$ secretscli set TestSecret postgresuser postgres
$ secretscli set TestSecret postgrespassword super_secret_string
$ secretscli set TestSecret longstring "This is a string with spaces."
Retrieving values is just as simple. This can be useful when trying to use values in bash scripts.
$ secretscli get TestSecret postgreshost
10.10.10.16
$ secretscli get TestSecret postgresuser
postgres
$ secretscli get TestSecret postgrespassword
super_secret_string
Values can also be completely removed from the secret.
$ secretscli get TestSecret postgreshost
10.10.10.16
$ secretscli remove TestSecret postgreshost
$ secretscli get TestSecret postgreshost
To avoid passing the value directly into the console (potentially logging it in places like bash history) the -s flag can be passed and the value can be passed in interactively without displaying it.
$ secretscli set TestSecret postgrespassword -s
Value:
Repeat for confirmation:
$ secretscli get TestSecret postgrespassword
super_secret_string
Working with entire Files
The entire Secret can be downloaded as a file. This command works regardless of the format of the file- Secrets that are not managed by secretcli can be downloaded using this tool.
$ secretscli download TestSecret ./secret_configuration.json
The file can also be uploaded- but be careful, it will be uploaded exactly as is without any verification of the json formatting.
$ secretscli upload TestSecret ./secret_configuration.json
Datastore Format
secretcli stores data as a JSON Object in an attempt to be as interoperable as possible. Each key passed to secretcli is represented by a key in the JSON Object.
When storing in AWS Secret Manager secretcli uses the SecretString field in the AWS Secrets Manager. This allows the database to be viewed in the AWS Console both as a raw string and using the Key/Value table.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for secretcli-0.1.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2c84b8aeff281f4ea1b865a13ddb4560a4daf88b5e55f737ef873f23acf9f83f |
|
MD5 | 10df3918871f343592638905e8308230 |
|
BLAKE2b-256 | c06ec7adddd08562acc72c9b672d1e0e9df9505da59e3345e125261a3b33ad4d |