Keywhiz CLI
The Keywhiz CLI (command line interface) is intended to be run by users – upon invocation, it will prompt for your password and save cookies to persist a session. If you intend to use Keywhiz with a script, it is preferred to use the automation endpoints.
If you haven't set up the CLI, here's how you can get started.
First, clone the keywhiz repo, if you haven't already.
$ git clone https://github.com/square/keywhiz.git
From the base of the keywhiz repository:
$ mvn package -am -pl cli
Run the CLI and get a usage statement:
$ ./cli/target/keywhiz-cli-*-SNAPSHOT-shaded.jar
You may want to alias this command for convenience:
$ alias keywhiz.cli="/path/to/keywhiz-cli-*-SNAPSHOT-shaded.jar"
For general information, just running `keywhiz.cli` prints helpful output listing all of the available commands and their associated arguments.
#### Logging in
keywhiz.cli login
Note that you must log in prior to running any other commands.
If you do not explicitly call the `login` command prior to any other command, `keywhiz.cli` will still prompt for your credentials (LDAP or BCrypt, depending on your configuration), and proceed to log you in before running the desired command. You will receive an error message if you provide incorrect credentials.
Upon success, Keywhiz CLI will save cookies so that you should not have to log back in for the remainder of your session.
#### Adding a secret
keywhiz.cli add secret --name mySecret.key --group myGroup < mySecretContents.key
Note: you should log in before running `keywhiz.cli` with any sort of input redirection.
Adds a secret with name `mySecret.key` and assigns it to `myGroup`, using the contents of `mySecretContents.key` as the contents of the secret. If you'd like to set special permissions or other metadata, you can do so with the `--json` flag like so:
--json '{"owner":"root","group":"someGroup","mode":"0440"}'
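The following is an added example, not code from the Keywhiz project: shell helpers that validate the `--json` metadata and the permissions of the local secret file before calling `keywhiz.cli add secret`. The names `build_metadata`, `add_secret_checked` and `KEYWHIZ_CLI` are hypothetical, and the rules that the mode must grant nothing to "other" and that the source file must be owner-only are policies assumed here, not Keywhiz requirements.

```shell
#!/bin/sh
# Added example; build_metadata, add_secret_checked and KEYWHIZ_CLI are
# hypothetical names, not part of Keywhiz.

# Print the JSON for --json, or fail if a field is unsafe.
build_metadata() (
  owner=$1 group=$2 mode=$3
  # Allow only characters that never need JSON escaping.
  for field in "$owner" "$group"; do
    case $field in
      ''|*[!A-Za-z0-9_-]*)
        echo "owner/group must be non-empty [A-Za-z0-9_-]" >&2; exit 1 ;;
    esac
  done
  # Four octal digits with a leading 0, as in the page's "0440".
  case $mode in
    0[0-7][0-7][0-7]) ;;
    *) echo "mode must look like 0440" >&2; exit 1 ;;
  esac
  # Assumed policy: no permission bits for "other".
  if [ $(( $mode & 7 )) -ne 0 ]; then
    echo "mode $mode is accessible to other users" >&2; exit 1
  fi
  printf '{"owner":"%s","group":"%s","mode":"%s"}\n' "$owner" "$group" "$mode"
)

# Check the local secret file, then hand it to the CLI on stdin.
add_secret_checked() (
  name=$1 group=$2 file=$3 meta=$4
  [ -f "$file" ] || { echo "$file: not a regular file" >&2; exit 1; }
  # Fail closed unless the file is accessible to its owner only.
  case $(ls -ld -- "$file") in
    -???------*) ;;
    *) echo "$file: readable by group or other, refusing" >&2; exit 1 ;;
  esac
  # KEYWHIZ_CLI should point at the shaded jar; aliases are not
  # expanded inside scripts.
  "${KEYWHIZ_CLI:-keywhiz.cli}" add secret --name "$name" \
    --group "$group" --json "$meta" < "$file"
)
```

Run `keywhiz.cli login` first, then for example `add_secret_checked mySecret.key myGroup mySecretContents.key "$(build_metadata root someGroup 0440)"`.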
#### Adding a group
keywhiz.cli add group --name myGroup
Add group with name `myGroup`.
#### Assigning a secret to a group
keywhiz.cli assign secret --name mySecret --group myGroup
Assign secret with name `mySecret` to group with name `myGroup`.
#### Assigning a client to a group
keywhiz.cli assign client --name myClient --group myGroup
Assign client with name `myClient` to group with name `myGroup`.
#### Unassigning a secret from a group
keywhiz.cli unassign secret --name mySecret --group myGroup
Unassign secret with name `mySecret` from group with name `myGroup`. Can also unassign clients from groups.
#### Deleting a secret
keywhiz.cli delete secret --name mySecret
Delete secret with name `mySecret`. Can also delete clients and groups.
#### Listing all secrets
keywhiz.cli list secrets
List all secrets by name. Can also list all clients and groups.
#### Describing a specific secret
keywhiz.cli describe secret --name mySecret
Show details (groups, clients, metadata) for the secret with name `mySecret`. Can also describe details for clients and groups.