SecretHub has joined 1Password! Find out more on the SecretHub blog. 🎉
SecretHub CLI
The SecretHub CLI provides the command-line interface to interact with the SecretHub API.
SecretHub is a secrets management tool that works for every engineer. Securely provision passwords and keys throughout your entire stack with just a few lines of code.
Usage
Below you can find a selection of some of the most-used SecretHub commands. Run secrethub --help
or the CLI reference docs for a complete list of all commands.
Reading and writing secrets
$ secrethub read <path/to/secret>
Print a secret to stdout.
$ secrethub generate <path/to/secret>
Generate a random value and store it as a new version of a secret
$ secrethub write <path/to/secret>
Ask for a value to store as a secret.
$ echo "mysecret" | secrethub write <path/to/secret>
Store a piped value as a secret.
$ secrethub write -i <filename> <path/to/secret>
Store the contents of a file as a secret.
Provisioning your applications with secrets
$ export MYSECRET=secrethub://path/to/secret
$ secrethub run -- <executable/script>
Automatically load secrets into environment variables and provide them to the wrapped executable or script.
$ echo "mysecret: {{path/to/secret}}" | secrethub inject
Read a configuration template from stdin and automatically inject secrets into it.
Access control
$ secrethub service init <namespace>/<repo> --permission <dir>:<read/write/admin>
Create a service account for the given repository and automatically grant read, write or admin permission on the given directory.
$ secrethub acl set <path/to/directory> <account-name> <read/write/admin>
Grant an account read, write or admin permission on a directory.
$ secrethub repo revoke <namespace>/<repo> <account-name>
Revoke an account's access to a repository.
Integrations
SecretHub integrates with all the tools you already know and love.
Check out the Integrations page to find out how SecretHub works with your tools.
Getting help
Come chat with us on Discord or email us at [email protected]
Development
Pull requests from the community are welcome. If you'd like to contribute, please checkout the contributing guidelines.
Build
To build from source, having Golang installed is required. To build the binary in the current directory, run:
make build
Install
To install the binary in the GOBIN directory, run:
make install
Test
Run all tests:
make test
Run tests for one package:
go test ./internals/secrethub
Run a single test:
go test ./internals/secrethub -run TestWriteCommand_Run