This API allows you to conveniently store, access and share sensitive data.
- Secret management commands
- Secret Version management commands
- Access a SecretVersion, returning the sensitive data
- Create a SecretVersion
- Destroy a SecretVersion, permanently destroying the sensitive data
- Disable a SecretVersion
- Enable a SecretVersion
- Get metadata of a SecretVersion
- List versions of a secret, not returning any sensitive data
- Update metadata of a SecretVersion
Logical container made up of zero or more immutable versions, that hold the sensitive data.
Create a Secret containing no versions.
Usage:
scw secret secret create [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| project-id | Project ID to use. If none is passed the default project ID will be used | |
| name | Name of the Secret | |
| tags.{index} | List of tags associated to this Secret | |
| description | Description of the Secret | |
| region | Default: fr-parOne of: fr-par |
Region to target. If none is passed will use default region from the config |
Examples:
Add a given secret
scw secret secret create name=foobar description="$(cat <path/to/your/secret>)"
Delete a secret.
Usage:
scw secret secret delete [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| secret-id | Required | ID of the Secret |
| region | Default: fr-parOne of: fr-par |
Region to target. If none is passed will use default region from the config |
Examples:
Delete a given secret
scw secret secret delete secret-id=11111111-1111-1111-1111-111111111111
Get metadata of a Secret.
Usage:
scw secret secret get [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| secret-id | Required | ID of the Secret |
| region | Default: fr-parOne of: fr-par |
Region to target. If none is passed will use default region from the config |
List Secrets.
Usage:
scw secret secret list [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| project-id | ID of a project to filter on (optional) | |
| name | Secret name to filter on (optional) | |
| tags.{index} | List of tags to filter on (optional) | |
| order-by | One of: name_asc, name_desc, created_at_asc, created_at_desc, updated_at_asc, updated_at_desc |
|
| organization-id | ID of an organization to filter on (optional) | |
| region | Default: fr-parOne of: fr-par, all |
Region to target. If none is passed will use default region from the config |
Update metadata of a Secret.
Usage:
scw secret secret update [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| secret-id | Required | ID of the Secret |
| name | New name of the Secret (optional) | |
| tags.{index} | New list of tags associated to this Secret (optional) | |
| description | Description of the Secret | |
| region | Default: fr-parOne of: fr-par |
Region to target. If none is passed will use default region from the config |
Immutable version of a secret.
Access a SecretVersion, returning the sensitive data.
Usage:
scw secret version access [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| secret-id | Required | ID of the Secret |
| revision | Required | Revision of the SecretVersion (may be a number or "latest") |
| region | Default: fr-parOne of: fr-par |
Region to target. If none is passed will use default region from the config |
Create a SecretVersion.
Usage:
scw secret version create [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| secret-id | Required | ID of the Secret |
| data | Required | Content of the secret version. Base64 is handled by the SDK |
| description | Description of the SecretVersion | |
| region | Default: fr-parOne of: fr-par |
Region to target. If none is passed will use default region from the config |
Destroy a SecretVersion, permanently destroying the sensitive data.
Usage:
scw secret version delete [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| secret-id | Required | ID of the Secret |
| revision | Required | Revision of the SecretVersion (may be a number or "latest") |
| region | Default: fr-parOne of: fr-par |
Region to target. If none is passed will use default region from the config |
Examples:
Delete a given Secret Version
scw secret version delete secret-id=11111111-1111-1111-1111-111111111111 revision=1
Disable a SecretVersion.
Usage:
scw secret version disable [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| secret-id | Required | ID of the Secret |
| revision | Required | Revision of the SecretVersion (may be a number or "latest") |
| region | Default: fr-parOne of: fr-par |
Region to target. If none is passed will use default region from the config |
Enable a SecretVersion.
Usage:
scw secret version enable [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| secret-id | Required | ID of the Secret |
| revision | Required | Revision of the SecretVersion (may be a number or "latest") |
| region | Default: fr-parOne of: fr-par |
Region to target. If none is passed will use default region from the config |
Get metadata of a SecretVersion.
Usage:
scw secret version get [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| secret-id | Required | ID of the Secret |
| revision | Required | Revision of the SecretVersion (may be a number or "latest") |
| region | Default: fr-parOne of: fr-par |
Region to target. If none is passed will use default region from the config |
List versions of a secret, not returning any sensitive data.
Usage:
scw secret version list [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| secret-id | Required | ID of the Secret |
| status.{index} | One of: unknown, enabled, disabled, destroyed |
Filter results by status |
| region | Default: fr-parOne of: fr-par, all |
Region to target. If none is passed will use default region from the config |
Update metadata of a SecretVersion.
Usage:
scw secret version update [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| secret-id | Required | ID of the Secret |
| revision | Required | Revision of the SecretVersion (may be a number or "latest") |
| description | Description of the SecretVersion | |
| region | Default: fr-parOne of: fr-par |
Region to target. If none is passed will use default region from the config |