Command line tool for working with aws secrets manager

secretctl

Command-line tool for working with AWS Secrets Manager.

Installing

secretctl is a Python package.

$ pip install secretctl

Authenticating

secretctl requires AWS credentials, as resolved by boto3, for an authenticated user with permissions to use Secrets Manager. The primary example is identity settings in ~/.aws/credentials. A recommended way to supply credentials is aws-vault, as in:

$ aws-vault exec prod -- secretctl ..

Usage

Creating and Updating Secrets

$ secretctl create <path/key> <value | ->

This command writes a secret into Secrets Manager. If - is provided as the value argument, the value is read from standard input. A description can be added using the --description flag. Tags are added using the --tags flag, with flag values in the tag=value format.

$ secretctl create <path/key> <value> --description <STRING> --tags <tag>=<value>, ..

If the path/key already exists, the process will fail. Use update to change the value of a secret.

$ cat <filename> | secretctl update myapp/dev/public-key -

Use secretctl tag and secretctl untag to add/remove/modify tags.

Reading Secrets

$ secretctl read myapp/dev/docker_login

   Path/Key                   Version   Value
   myapp/dev/docker_login     1         mydockerlogin

Use --quiet to return only the secret value.

Listing Secrets

$ secretctl list --path di/dev/

Path/Key                Description                             Tags
di/dev/docker_username  access credentials for private regis..  team=di, circleci-context=team-di
di/dev/docker_password  access credentials for private regis..  team=di, circleci-context=team-di
di/dev/vault_token      team vault token                        team=di, circleci-context=team-di
Found 3 secrets.

If no --path is provided, all secrets are listed. Use the --tags flag to filter for secrets where tags or values match STRING.

Exporting

$ secretctl export di/dev/

docker_username=mydockerlogin
docker_password=mydockerpassword
vault_token=myvaulttoken

Example use in a deploy pipeline:

$ secretctl export di/dev/ > local.env
$ source local.env
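
A hardened variant of the pipeline step above, as an added example that is not part of secretctl or its README: `source` runs the exported file as shell code, so a secret value containing `$(...)`, backticks or spaces would be executed or mis-parsed. The hypothetical helpers `load_env_file` and `load_secrets` assume the plain key=value layout shown in the sample output and load each value as literal data from a private temporary file.

```shell
# Added example, not part of secretctl. Assumes the export file uses the plain
# key=value layout shown in the sample output above.

# load_env_file FILE: export each KEY=VALUE line as literal data.
# Returns 0 if every line was accepted, 1 if the file is unreadable or any
# line was rejected.
load_env_file() {
    [ -r "$1" ] || return 1
    _lef_rc=0
    while IFS= read -r _lef_line || [ -n "$_lef_line" ]; do
        case $_lef_line in
            ''|'#'*) continue ;;                  # blank line or comment
            *=*) ;;                               # candidate KEY=VALUE
            *) _lef_rc=1; continue ;;             # no '=' on the line
        esac
        _lef_key=${_lef_line%%=*}
        _lef_val=${_lef_line#*=}
        # Accept only names that are valid shell identifiers.
        case $_lef_key in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "load_env_file: rejected a line with an invalid name" >&2
                _lef_rc=1; continue ;;
        esac
        # The value is passed as one quoted word, so $(...), backticks and
        # spaces stay literal; `source` would evaluate them as shell code.
        export "$_lef_key=$_lef_val"
    done < "$1"
    unset _lef_line _lef_key _lef_val
    return "$_lef_rc"
}

# load_secrets PREFIX: export the secrets under PREFIX into the current shell.
# mktemp creates the file with mode 0600, and it is removed whether or not
# the export or the load succeeds.
load_secrets() {
    _ls_tmp=$(mktemp) || return 1
    secretctl export "$1" > "$_ls_tmp" && load_env_file "$_ls_tmp"
    _ls_rc=$?
    rm -f "$_ls_tmp"
    return "$_ls_rc"
}
```

In a pipeline step this is called as `load_secrets di/dev/`; a non-zero return means the export failed or at least one line was skipped.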

export can export secrets in various file formats. The following file formats are supported:

  • tfvars (default)
  • json
  • csv

Under development

secretctl does not yet support:

  • custom KMS key
  • binary secret value type
  • (unit testing) no moto support for testing descriptions or resource tags

Download files

Source Distribution

secretctl-0.0.19.tar.gz (8.3 kB view details)

Uploaded Source

Built Distribution

secretctl-0.0.19-py3-none-any.whl (10.2 kB view details)

Uploaded Python 3

File details

Details for the file secretctl-0.0.19.tar.gz.

File metadata

  • Download URL: secretctl-0.0.19.tar.gz
  • Upload date:
  • Size: 8.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.14.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.35.0 CPython/3.7.4

File hashes

Hashes for secretctl-0.0.19.tar.gz
Algorithm Hash digest
SHA256 4005a6657f01b236ac3c88889bbe8f3289ca6f2eb5099e977e60d4c69f653e7e
MD5 478e0f7de4344cf273d906bddbc088c1
BLAKE2b-256 4b400eba831bc04b7f9c907d42b9ec6693531fd39c8878469fdaf4c61b1f2f55

File details

Details for the file secretctl-0.0.19-py3-none-any.whl.

File metadata

  • Download URL: secretctl-0.0.19-py3-none-any.whl
  • Upload date:
  • Size: 10.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.14.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.35.0 CPython/3.7.4

File hashes

Hashes for secretctl-0.0.19-py3-none-any.whl
Algorithm Hash digest
SHA256 95f5603a0ea720017c50ed979334a232f6e750d4438f7cd13ce7b7bfd65fe304
MD5 3aa2fb06d18042d84d392ff29070f303
BLAKE2b-256 23e0920e71a32ef414b2d27dac41c4d48f04e2a1bdd17c00f7e6d702a815fb8f
