A command line tool for managing OneOps application secrets.OneOps Secrets CLI interacts with the OneOps Secrets Proxy API.
Detailed user documentation for installation and usage is available on the OneOps website as well as via the help function:
$ secrets
usage: secrets <command> [<args>]
The most commonly used secrets commands are:
add Add secret for an application.
clients Show all clients for the application.
delete Delete a secret.
details Get a client/secret details for an application.
get Retrieve secret from vault.
help Display help information
info Show OneOps Secrets CLI version info.
list List all secrets for the application.
log Tail (no-follow) secrets cli log file.
revert Revert secret to the given version index.
update Update an existing secret.
versions Retrieve versions of a secret, sorted from newest to oldest update time.
See 'secrets help <command>' for more information on a specific command.Download the latest JAR or grab via Maven:
<dependency>
<groupId>com.oneops</groupId>
<artifactId>secrets-cli</artifactId>
<version>1.1.0</version>
</dependency>
- Add a secret for an application.
$ secrets add -a oneops_test-assembly_dev logstash-forwarder.crt -d "Logstash cert" -n "Logstash-Cert"
β Secret 'Logstash-Cert' added successfully for application /oneops/test-assembly/dev.
Note the followings,
β Secret 'Logstash-Cert' will be synced to '/oneops/test-assembly/dev' env computes in few seconds.
β Applications can access secret content by reading '/secrets/Logstash-Cert' file.
β You may need to restart the application inorder for this secret change to take effect.
β For security reasons, secrets are never persisted on the disk and can access from '/secrets' virtual memory file system.- Show all secrets for an application.
$ secrets list -a oneops_test-assembly_dev
Password for testuser :
β 3 secrets are stored for application env: /oneops/test-assembly/dev
+------------------------+---------------------+----------+----------+--------+---------+
| Secret Name | Description | UserID | Checksum | Expiry | Version |
+------------------------+---------------------+----------+----------+--------+---------+
| Logstash-Cert | Logstash cert | testuser | 5CCEB0 | Never | 42295 |
| app-private.key | app ssl key | testuser | B69967 | Never | 42227 |
| db-secret | databse secret | testuser | BE49B2 | Never | 42239 |
+------------------------+---------------------+----------+----------+--------+---------+-
Source
Make sure to provide proper secret-proxy truststore and application.conf before doing the build. Use InstallCerts tool to auto-generate trust-store from your secret proxy HTTPS endpoint.
$ git clone https://github.com/oneops/secrets-cli $ cd secrets-cli $ ./mvnw clean package
After a build the binary executables is located in the target/ directory and name secrets-cli-*-executable.jar.