Skip to content
This repository has been archived by the owner on Nov 22, 2023. It is now read-only.

Keywhiz CLI

Riyaz Faizullabhoy edited this page Apr 9, 2015 · 2 revisions

The Keywhiz CLI (command line interface) is intended to be run by users – upon invocation, it will prompt for your password and save cookies to persist a session. If you intend to use Keywhiz with a script, it is preferred to use the automation endpoints.

Setup

If you haven't setup the CLI, here's how you can get started.

First, clone the keywhiz repo, if you haven't already.

$ git clone https://github.com/square/keywhiz.git

From the base of the keywhiz repository:

$ mvn package -am -pl cli

Run the CLI and get a usage statement:

$ ./cli/target/keywhiz-cli-*-SNAPSHOT-shaded.jar

You may want to alias this command for convenience:

$ alias keywhiz.cli="/path/to/keywhiz-cli-*-SNAPSHOT-shaded.jar"

Usage

For general information, just running keywhiz.cli has some helpful output of all of the available commands and the associated arguments.

####Logging in

keywhiz.cli login

Note that you must log in prior to running any other commands.

If you do not explicitly call the login command prior to any other command, keywhiz.cli will still prompt for your credentials (LDAP or BCrypt, depending on your configuration), and proceed to log you in before running the desired command. You will receive an error message if you provide incorrect credentials.

Upon success, Keywhiz CLI will save cookies so that you should not have to log back in for the remainder of your session.

Some Examples

####Adding a secret

keywhiz.cli add secret --name mySecret.key --group myGroup < mySecretContents.key

Note: you should login before running keywhiz.cli with any sort of input redirection.

Adds secret with name mySecret.key and assign it to myGroup. Use the contents of mySecretContents.key as contents for the secret. If you'd like to set special permissions or other metadata, you can do so with the json flag like so: --json '{"owner":"root","group":"someGroup","mode":"0440"}'

####Adding a group

keywhiz.cli add group --name myGroup

Add group with name myGroup.

####Assigning a secret to a group

keywhiz.cli assign secret --name mySecret --group myGroup

Assign secret with name mySecret to group with name myGroup.

####Assigning a client to a group

keywhiz.cli assign client --name myClient --group myGroup

Assign client with name myClient to group with name myGroup.

####Unassigning a secret to a group

keywhiz.cli unassign secret --name mySecret --group myGroup

Unassign secret with name mySecret to group with name myGroup. Can also unassign clients from groups.

####Deleting a secret

keywhiz.cli delete secret --name mySecret

Delete secret with name mySecret. Can also delete clients and groups.

####Listing all secrets

keywhiz.cli list secrets

List all secrets by name. Can also list all clients and groups.

####Describing a specific secret

keywhiz.cli describe secret --name mySecret

Show details (groups, clients, metadata) for the secret with name mySecret. Can also describe details for clients and groups.

Clone this wiki locally