Command-line tool for working with AWS Secrets Manager

secretctl

Command-line tool for working with AWS Secrets Manager.

Installing

secretctl is a Python package.

$ pip install secretctl

Authenticating

secretctl requires an authenticated AWS user with permission to use Secrets Manager, as resolved by boto3; the primary example is the identity settings in ~/.aws/credentials. A recommended way to do this is to use aws-vault, as in:

$ aws-vault exec prod -- secretctl ..

Usage

Creating and Updating Secrets

$ secretctl create <path/key> <value | ->

This command writes a secret into Secrets Manager. If - is provided as the value argument, the value is read from standard input. A description can be added using the --description flag. Tags are added using the --tags flag, with flag values in the tag=value format.

$ secretctl create <path/key> <value> --description <STRING> --tags <tag>=<value>, ..

If the path/key already exists, the process will fail. Use update to change the value of a secret.

$ cat <filename> | secretctl update myapp/dev/public-key -

Use secretctl tag and secretctl untag to add/remove/modify tags.

Reading Secrets

$ secretctl read myapp/dev/docker_login

   Path/Key                   Version   Value
   myapp/dev/docker_login     1         mydockerlogin

Use --quiet to return only the secret value.

Listing Secrets

$ secretctl list --path di/dev/

Path/Key                Description                             Tags
di/dev/docker_username  access credentials for private regis..  team=di, circleci-context=team-di
di/dev/docker_password  access credentials for private regis..  team=di, circleci-context=team-di
di/dev/vault_token      team vault token                        team=di, circleci-context=team-di
Found 3 secrets.

If no --path is provided, all secrets will be listed. Use the --tags flag to filter for secrets where tags or values match STRING.

Exporting

$ secretctl export di/dev/

docker_username=mydockerlogin
docker_password=mydockerpassword
vault_token=myvaulttoken

Example use in a deploy pipeline:

$ secretctl export di/dev/ > local.env
$ source local.env
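
A hardened variant of the pipeline step above, as an added example that is not part of secretctl or the original page: it captures the export in an owner-only temp file, deletes that file after loading, and sets each variable without letting the shell evaluate the value. It assumes the KEY=value line format shown in the sample output; the function names and the `sample_export` data are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of secretctl.

# load_env_file FILE: export each KEY=value line literally, never evaluating it.
load_env_file() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                      # skip blanks and comments
            *=*) ;;
            *) echo "load_env_file: line without '='" >&2; return 1 ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        case $key in                                  # plain identifiers only
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "load_env_file: rejected key" >&2; return 1 ;;
        esac
        export "$key=$value"                          # assigned as data, not code
    done < "$1"
}

# with_secret_env CMD [ARGS...]: run CMD, capture its KEY=value output in a
# temp file, load it, and delete the file whether or not loading worked.
with_secret_env() {
    tmp=$(mktemp) || return 1                         # mktemp creates mode 0600
    if "$@" > "$tmp" && load_env_file "$tmp"; then rc=0; else rc=$?; fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed stand-in for `secretctl export di/dev/`; the second value holds
# characters that `source` would interpret instead of storing.
sample_export() {
    printf '%s\n' 'docker_username=mydockerlogin' 'vault_token=a$(echo X)b c'
}

# In a pipeline: with_secret_env secretctl export di/dev/
with_secret_env sample_export && echo "loaded 2 variables, temp file removed"
```

A plain `> local.env` redirect creates the file with the shell's current umask, which on many systems leaves it readable by other users and on disk after the job ends.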

export can export secrets in various file formats. The following file formats are supported:

  • tfvars (default)
  • json
  • csv

Under Development

secretctl does not yet support:

  • custom KMS key
  • binary secret value type
  • (unit testing) no moto support for testing descriptions or resource tags


Source Distribution

secretctl-0.0.19.tar.gz (8.3 kB)

Built Distribution

secretctl-0.0.19-py3-none-any.whl (10.2 kB)