Secret Commands

The OLP CLI supports the following functionality for third party secret management:

secret create

Creates a secret.

olp secret create [command options]

Required parameters:

  • <secret name> The name of an third party secret.
  • <filename> The file path to the third party secret content in plain text.
  • <type> The type of the third party secret. Must be either 'custom' or 'aws'.

Optional parameters:

  • --expires <yyyy-MM-ddTHH:mm:ss> The expiration date of a secret. The timestamp must match the ISO-8601 format yyyy-MM-ddTHH:mm:ss. For example, '2020-12-23T02:24:00.000Z'. If not specified, the secret doesn't expire.
  • --grant-read-to <hrn> Grant read access for the secret to the specified app HRN. To get an app's HRN, use the app show command.
  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --json Display the command's result in JSON format.
  • --quiet Display an empty output skipping additional information.

For more information on using credentials and profiles, see Credentials Setup.

Example:

The command below creates a third party secret:

Linux
Windows
olp secret create my-key-1234 ~/.aws/my-aws-secrets.txt aws
olp secret create my-key-1234 C:\Users\username\.aws\my-aws-secrets.txt aws

Output:


Secret hrn:here:here:account::myrealm:secret/my-key-1234 has been created.

secret delete

Deletes a secret.

olp secret delete [command options]

Required parameters:

  • <secret HRN> The HRN of the third party secret.

Optional parameters:

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --quiet Display an empty output skipping additional information.

For more information on using credentials and profiles, see Credentials Setup.

Example:

The command below deletes a third party secret:


olp secret delete hrn:here:here:account::myrealm:secret/my-key-1234

Output:


Secret hrn:here:here:account::myrealm:secret/my-key-1234 has been deleted.

secret disable

Disables a secret.

olp secret disable [command options]

Required parameters:

  • <secret HRN> The HRN of the third party secret.

Optional parameters:

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --quiet Display an empty output skipping additional information.

For more information on using credentials and profiles, see Credentials Setup.

Example:

The command below disables a third party secret:


olp secret disable hrn:here:here:account::myrealm:secret/my-key-1234

Output:


Secret hrn:here:here:account::myrealm:secret/my-key-1234 has been disabled.

secret enable

Enables a secret.

olp secret enable [command options]

Required parameters:

  • <secret HRN> The HRN of the third party secret.

Optional parameters:

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --quiet Display an empty output skipping additional information.

For more information on using credentials and profiles, see Credentials Setup.

Example:

The command below enables a third party secret:


olp secret enable hrn:here:here:account::myrealm:secret/my-key-1234

Output:


Secret hrn:here:here:account::myrealm:secret/my-key-1234 has been enabled.

secret list

Lists secrets accessible to the caller.

olp secret list [command options]

Optional parameters:

  • --enabled <true|false> If set to true, only enabled secrets are returned. If not specified, all secrets are returned.
  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --json Display the command's result in JSON format.
  • --quiet Display an empty output skipping additional information.

For more information on using credentials and profiles, see Credentials Setup.

Example:

The command below lists all your third party secrets:

olp secret list --json

Output:


{"secrets": [{
    "id": "my-key-1234",
    "type": "aws",
    "filename": "credentials",
    "name": "external key example",
    "hrn": "hrn:here:here:account::myrealm:secret/my-key-1234",
    "sha256": "C01DCECC41CA1E27BB0D41B089528D6D15443AF24E710A005BB2372CD107474E",
    "enabled": true,
    "created": "2020-10-09T07:32:00.000Z",
    "modified": "2020-10-09T07:32:00.000Z",
    "expires": "2020-12-28T02:24:00.000Z"
}]}

secret update

Updates a secret.

olp secret update [command options]

Required parameters:

  • <secret HRN> The HRN of the third party secret.

Optional parameters:

  • --name <secret name> The name of the third party secret.
  • --type <custom|aws> The type of the third party secret. Must be either 'custom' or 'aws'.
  • --filename <path to secret content> The file path to the third party secret content in plain text.
  • --expires <yyyy-MM-ddTHH:mm:ss> The expiration date of a secret. The timestamp must match the ISO-8601 format yyyy-MM-ddTHH:mm:ss. For example, '2020-12-23T02:24:00.000Z'.
  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --json Display the command's result in JSON format.
  • --quiet Display an empty output skipping additional information.

For more information on using credentials and profiles, see Credentials Setup.

Example:

The command below updates the name of a third party secret:


olp secret update hrn:here:here:account::myrealm:secret/my-key-1234 -name new-name

Output:


Secret hrn:here:here:account::myrealm:secret/my-key-1234 has been updated.

results matching ""

    No results matching ""