Manage Secret Stores

Codiac has read-only access to your existing Secrets and Secret stores. It cannot create, edit, or remove Secret values or the Secret store itself. See your cloud service provider for instructions on creating and managing Secrets and Secret stores.

Info: Secrets are only stored in your running node, where they are protected with encryption at rest.

Usage and Options

Use codiac secretStore -h to see all the available options:

$ codiac secretStore -h
Upserts a reference to an existing secretStore.

USAGE
  $ codiac secretStore [-u <value>] [-p artifactHub|azure|aws|dockerHub|other] [-s <value>] [-l
    <value>] [-z] [-y -n <value>] [-h]

FLAGS
  -h, --help                    Show CLI help.
  -l, --location=<value>        The region or data center in which the secret store resides (use the code
                                name, eg: in Aws use 'us-east-1', NOT 'Virginia, US').
  -n, --name=<value>            The resource name of the secret store within the cloud provider
                                subscription.
  -p, --provider=<option>       The cloud provider hosting the secret store.
                                <options: artifactHub|azure|aws|dockerHub|other>
  -s, --subscriptionId=<value>  The id of the cloud provider account in which the secret store resides (in
                                Aws, this is the 'AccountId').
  -u, --url=<value>             The container registry url.
  -y, --silent                  (Optional: defaults to false) Prevents confirmations of user-values that
                                are remembered from prior runs. Requires:
                                registry,storeType,storeName,name
  -z, --toScript                Outputs an assembled command string, NO execution

DESCRIPTION
  Upserts a reference to an existing secretStore.

ALIASES
  $ codiac secretStore

COMMANDS
  secretStore capture  Upserts a reference to an existing secretStore.
  secretStore forget   Removes the reference to the given container registry for the tenant. Does NOT
                       delete the registry itself.
  secretStore list     Retrieves the list of existing secret stores captured for a given enterprise.

Prerequisites

Add or update a secret store

  1. Use codiac secretStore to add or update a reference to your external Secret store:
     codiac secretStore
  2. Follow the prompts to authenticate with your cloud service provider and select the Secret store.

List secret stores

  1. Use codiac secretStore list to list all existing references to Secret stores:
     codiac secretStore list

Example output:

$ codiac secretStore list
secretStore|aws|123456|us-west-1 SecretStore on aws (us-west-2)
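
Because the list shows every Secret store your tenant references, it can be checked against an approved set of provider, account, and region combinations. The script below is an added example, not part of Codiac or its documentation. It assumes each output line begins with an id of the form secretStore|<provider>|<subscriptionId>|<location>, as in the sample output above; the function names and all sample values are constructed.

```shell
#!/bin/sh
# Added example: audit `codiac secretStore list` output against an allowlist.
# ASSUMPTION: every line starts with "secretStore|<provider>|<subscriptionId>|<location>"
# followed by a free-text description (format inferred from the sample output).

# Constructed sample output (not taken from a real tenant).
sample_list() {
cat <<'EOF'
secretStore|aws|111111111111|us-east-1 SecretStore on aws (us-east-1)
secretStore|aws|999999999999|eu-west-1 SecretStore on aws (eu-west-1)
secretStore|azure|sub-constructed-01|westeurope SecretStore on azure (westeurope)
EOF
}

# audit_secret_stores ALLOWED...
#   stdin : output of `codiac secretStore list`
#   args  : approved stores, each written as "provider|subscriptionId|location"
# Prints one line per finding and returns 1 if there is any finding.
audit_secret_stores() {
    findings=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        id=${line%% *}                      # first whitespace-delimited token
        case $id in
            "secretStore|"*"|"*"|"*)
                key=${id#secretStore|}      # provider|subscriptionId|location
                ;;
            *)
                # Fail closed: a line we cannot parse is a finding, not a pass.
                echo "UNPARSED: $line"
                findings=$((findings + 1))
                continue
                ;;
        esac
        ok=0
        for allowed in "$@"; do
            if [ "$key" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "UNAPPROVED: $key"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

In a pipeline, feed it the real output, for example `codiac secretStore list | audit_secret_stores 'aws|<accountId>|<region>'`, and treat a non-zero exit as a failed check.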

Forget a secret store

  1. Use codiac secretStore forget to remove a reference to the specified secret store:
     codiac secretStore forget
  2. Follow the prompts to select the Secret store and confirm the removal of the record.

Tip: This command does not affect the Secret or the Secret store itself. See your cloud service provider for instructions on how to create and manage Secrets and Secret stores.