SecretHub has joined 1Password! Find out more on the SecretHub blog. 🎉
The SecretHub CLI provides the command-line interface to interact with the SecretHub API.
SecretHub is a secrets management tool that works for every engineer. Securely provision passwords and keys throughout your entire stack with just a few lines of code.
Below you can find a selection of some of the most-used SecretHub commands. Run secrethub --help
or the CLI reference docs for a complete list of all commands.
$ secrethub read <path/to/secret>
Print a secret to stdout.
$ secrethub generate <path/to/secret>
Generate a random value and store it as a new version of a secret
$ secrethub write <path/to/secret>
Ask for a value to store as a secret.
$ echo "mysecret" | secrethub write <path/to/secret>
Store a piped value as a secret.
$ secrethub write -i <filename> <path/to/secret>
Store the contents of a file as a secret.
$ export MYSECRET=secrethub://path/to/secret
$ secrethub run -- <executable/script>
Automatically load secrets into environment variables and provide them to the wrapped executable or script.
$ echo "mysecret: {{path/to/secret}}" | secrethub inject
Read a configuration template from stdin and automatically inject secrets into it.
$ secrethub service init <namespace>/<repo> --permission <dir>:<read/write/admin>
Create a service account for the given repository and automatically grant read, write or admin permission on the given directory.
$ secrethub acl set <path/to/directory> <account-name> <read/write/admin>
Grant an account read, write or admin permission on a directory.
$ secrethub repo revoke <namespace>/<repo> <account-name>
Revoke an account's access to a repository.
SecretHub integrates with all the tools you already know and love.
Check out the Integrations page to find out how SecretHub works with your tools.
Come chat with us on Discord or email us at [email protected]
Pull requests from the community are welcome. If you'd like to contribute, please checkout the contributing guidelines.
To build from source, having Golang installed is required. To build the binary in the current directory, run:
make build
To install the binary in the GOBIN directory, run:
make install
Run all tests:
make test
Run tests for one package:
go test ./internals/secrethub
Run a single test:
go test ./internals/secrethub -run TestWriteCommand_Run