Create a ticket
Sign in Sign up
Locker support Locker support
Results

No results found.

Home Locker Secrets Manager Developer tools Locker Secrets commands (CLI)
Vietnamese English
Locker Secrets commands (CLI)

Locker Secrets features a command-line interface (CLI) that wraps common functionality and formats output. The Locker Secrets CLI is a single static binary. It is a wrapper around the HTTP API.

CLI command structure

Each command is represented as a command or subcommand, and there are a number of command and subcommand options available: HTTP options, output options, and command-specific options.

Construct your Locker Secrets CLI command such that the command options precede its path and arguments if any:

locker <command> <subcommands> [flags]

Global flags

  • --access-key-id [string]: get from Locker Secret’s web client
  • --access-key-secret [string]: get from Locker Secret’s web client
  • --headers [strings]: custom headers for Locker Secret Server, must be in the form: “key1: value1, key2: value2”
  • --credential [string]: path to the credential file, default $USER/.locker/credential.json
  • --api-base [string]: set API endpoint host, default https://secrets-core.locker.io/
  • --agent [string]: specify the invoking agent, default Locker Secret CLI - version xxx, must be in the form of agent - version, currently accepts the following agents: Python, .Net, NodeJS
  • --fetch: set this flag to get encrypted data from the Secret server instead of local storage
  • --verbose: display verbose output.
  • --output [string]: export the verbose output to a JSON file
  • --version: get the version of Locker Secret CLI
  • --help: get the CLI help on the current command/subcommand

Credential priority order

Normally, a Locker Secret command must be supplied with the access key’s ID and secret through two flags:

locker secret list --access-key-id {id} --access-key-secret {secret}

But, if either the environment variables LOCKER_ACCESS_KEY_ID and LOCKER_ACCESS_KEY_SECRET are set or the credential data are initialized either manually or by the configuration command, Locker Secret will use those instead.

locker secret list // no access key flags required

If more than one credential is present, Locker Secret will prioritize by this order: command line flags → credential file → environment variables

Command configuration

Set the access key’s details to the credential file.

locker configuration --access-key-id {id} --access-key-secret {secret}

There will be an input prompt for either flag that is not provided.

If there is an old access key ID and secret in the credential file, there will be a confirmation prompt for overwriting.

Command secret

Perform Read and Write actions on encrypted secrets.

locker secret <subcommands> [flags]

Subcommand list

list retrieves and decrypts all secrets from the server

locker secret list [flags]
 

DEPRECATED DOCS BELOW


II. Listing items

To list secrets/environments in the vaults, use the --list subcommand:

locker_secret [secret/environment] list --access-key {access key} [common flags]

The output will be in JSON form:

[
	{
		// item no. 1
		"key": "decrypted value"
		"value": "decrypted value",
		"description": "decrypted description"
		...
	},
	{
		// item no. 2
		"key": "decrypted value"
		"value": "decrypted value",
		"description": "decrypted description"
		...
	},
	{
		// item no. 3
		"key": "decrypted value"
		"value": "decrypted value",
		"description": "decrypted description"
		...
	},
	...
]
 

III. Getting a specific item

Locker CLI can retrieve each individual item by using the subcommand get, along with the --id and --env flags:

locker_secret [secret/environment] get --access-key {access key} --id {item's name} --env {environment name} [common flags]

The output will be in JSON form:

[
	{
		// specified item
		"key": "decrypted value"
		"value": "decrypted value",
		"description": "decrypted description"
		...
	},
]

The purpose of the --env flag is to differentiate different secrets with the same key

 

IV. Create an item

Locker CLI can create a new secret/environment item by the create subcommand, with data supplied by the --data flag, the data must be in JSON form with the double quotes escaped by the backward slash \ and enclosed in double quotes:

locker_secret [secret/environment] create --access-key {access key} --data "{\"key/name\": \"DATA\", \"value/external_url\": \"DATA\", \"description\": \"DATA\"}" [common flags]

The output will be in JSON form:

[
	{
		// specified item
		"key": "decrypted new value"
		"value": "decrypted new value",
		"description": "decrypted new description"
		...
	},
]
 

V. Edit an item

Locker CLI can edit the information of a secret/environment item by the update subcommand, with the --id and --env flags specifying the item to be edited and data supplied by the --data flag, the data must be in JSON form with the double quotes escaped by the backward slash \ and enclosed in double quotes:

locker_secret [secret/environment] update --access-key {access key} --id {targeted item name} --env {targeted item environement} --data "{\"key/name\": \"DATA\", \"value/external_url\": \"DATA\", \"description\": \"DATA\"}" [common flags]

The output will be in JSON form:

[
	{
		// specified item
		"key": "decrypted updated value",
		"value": "decrypted updated value",
		"description": "decrypted updated description"
		...
	},
]

For the secret subcommand, the data is expected to be in the form:

Was this page helpful?
No
Yes
Join Our Community