Skip to content
This repository has been archived by the owner on Feb 16, 2023. It is now read-only.
/ secrethub-cli Public archive

A secrets management platform that every engineer can use with minimal code changes.

License

Notifications You must be signed in to change notification settings

secrethub/secrethub-cli

Repository files navigation


1Password SecretHub has joined 1Password! Find out more on the SecretHub blog. 🎉


SecretHub


Get Started View Docs


SecretHub CLI

GoDoc CircleCI Go Report Card Version Discord

The SecretHub CLI provides the command-line interface to interact with the SecretHub API.

SecretHub is a secrets management tool that works for every engineer. Securely provision passwords and keys throughout your entire stack with just a few lines of code.

Usage

Below you can find a selection of some of the most-used SecretHub commands. Run secrethub --help or the CLI reference docs for a complete list of all commands.

Reading and writing secrets

$ secrethub read <path/to/secret>
Print a secret to stdout.

$ secrethub generate <path/to/secret>
Generate a random value and store it as a new version of a secret

$ secrethub write <path/to/secret>
Ask for a value to store as a secret.

$ echo "mysecret" | secrethub write <path/to/secret>
Store a piped value as a secret.

$ secrethub write -i <filename> <path/to/secret>
Store the contents of a file as a secret.

Provisioning your applications with secrets

$ export MYSECRET=secrethub://path/to/secret
$ secrethub run -- <executable/script>
Automatically load secrets into environment variables and provide them to the wrapped executable or script.

$ echo "mysecret: {{path/to/secret}}" | secrethub inject
Read a configuration template from stdin and automatically inject secrets into it.

Access control

$ secrethub service init <namespace>/<repo> --permission <dir>:<read/write/admin>
Create a service account for the given repository and automatically grant read, write or admin permission on the given directory.

$ secrethub acl set <path/to/directory> <account-name> <read/write/admin>
Grant an account read, write or admin permission on a directory.

$ secrethub repo revoke <namespace>/<repo> <account-name>
Revoke an account's access to a repository.

Integrations

SecretHub integrates with all the tools you already know and love.

Check out the Integrations page to find out how SecretHub works with your tools.

Getting help

Come chat with us on Discord or email us at [email protected]

Development

Pull requests from the community are welcome. If you'd like to contribute, please checkout the contributing guidelines.

Build

To build from source, having Golang installed is required. To build the binary in the current directory, run:

make build

Install

To install the binary in the GOBIN directory, run:

make install

Test

Run all tests:

make test

Run tests for one package:

go test ./internals/secrethub

Run a single test:

go test ./internals/secrethub -run TestWriteCommand_Run