Skip to content
This repository has been archived by the owner on Sep 25, 2020. It is now read-only.
/ privx-secrets Public archive

Command-line tool for accessing secrets, stored in the PrivX secrets vault

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SSHcom/privx-secrets

BranchesTags

Repository files navigation

privx-secrets

The command line application is not supported any more.
Please use https://github.com/SSHcom/privx-cli

The privx-secrets is a command-line tool for accessing secrets, stored in the PrivX secrets vault.

Synopsis

privx-secrets [-api endpoint] [-config file] [-v] command command arguments

The privx-secrets accepts the following arguments which apply for all commands:

  • -api endpoint sets the PrivX API endpoint to endpoint.
  • -config file reads the global configuration information from the file file.
  • -v enable verbose output.

The following commands are defined:

  • login verify command authentication information by logging in to the PrivX server.
  • get gets secrets from the vault.

The login command

The get command

The get command accepts the following arguments:

  • -c Generate C-shell commands on stdout
  • -s Generate Bourne shell commands on stdout
  • -separator string Data element separator (default ".").
  • -spread Spread compounds types

Configuration file

The default configuration file is .privx-sdk.toml at user's home directory. If the home directory can not be resolved, the program tries to open the system wide default configuration filed called /opt/etc/privx/privx-sdk.toml. The configuration file location can be changed with the -config command line argument.

API configuration

The [api] configuration block contains the PrivX API configuration information:

  • endpoint: the PrivX API endpoint URL
  • certificate: the CA root certificate issuing the REST API server certificates. If this is unset, the application will use the operating system's trusted CA certificates.

Authentication configuration

The [auth] configuration block contains the API authentication credentials.

Examples

Sample secret data for the secret database:

{
  "auth_password": {
    "password": "very secret database password",
    "username": "postgresql"
  },
  "url": "postgresql://proddb.ssh.com:5432"
}

Get a secret value:

$ privx-secrets get database.url
postgresql://proddb.ssh.com:5432

Getting multiple named values:

$ ./privx-secrets get USERNAME=database.auth_password.username PASSWORD=database.auth_password.password
USERNAME="postgresql"
PASSWORD="very secret database password"

The -c or -s options makes it easy to pull multiple values and bind them in shell scripts:

$ eval `privx-secrets get -s USERNAME=database.auth_password.username PASSWORD=database.auth_password.password`
$ echo $USERNAME
postgresql
$ echo $PASSWORD
very secret database password

Getting configuration blobs with automated value spreading:

$ ./privx-secrets get -spread DB=database
DB_url="postgresql://proddb.ssh.com:5432"
DB_auth_password_password="very secret database password"
DB_auth_password_username="postgresql"

About

Command-line tool for accessing secrets, stored in the PrivX secrets vault

Topics

pam iam privx

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages