kms dynamic-secrets
Perform dynamic secret operations directly with the CLI
kms dynamic-secretsDescription
Dynamic secrets are unique secrets generated on demand based on the provided configuration settings. For more details, refer to dynamics secrets section.
This command enables you to perform list, lease, renew lease, and revoke lease operations on dynamic secrets within your Hanzo KMS project.
Sub-commands
Use this command to print out all of the dynamic secrets in your project.
$ kms dynamic-secretsEnvironment variables
Used to fetch dynamic secrets via a machine identity instead of logged-in credentials. Simply, export this variable in the terminal before running this command.
# Example
export INFISICAL_TOKEN=$(kms login --method=universal-auth --client-id=<identity-client-id> --client-secret=<identity-client-secret> --silent --plain) # --plain flag will output only the token, so it can be fed to an environment variable. --silent will disable any update messages.Used to disable the check for new CLI versions. This can improve the time it takes to run this command. Recommended for production environments.
To use, simply export this variable in the terminal before running this command.
# Example
export INFISICAL_DISABLE_UPDATE_CHECK=trueFlags
The project ID to fetch dynamic secrets from.
# Example
kms dynamic-secrets --projectId=<project-id>The project slug to fetch dynamic secrets from.
# Example
kms dynamic-secrets --project-slug=<project-slug>The authenticated token to fetch dynamic secrets from. This is required when using a machine identity to authenticate.
# Example
kms dynamic-secrets --token=<token>Used to select the environment name on which actions should be taken. Default
value: dev
Use to select the project folder on which dynamic secrets will be accessed.
# Example
kms dynamic-secrets --path="/" --env=devThis command is used to create a new lease for a dynamic secret.
$ kms dynamic-secrets lease create <dynamic-secret-name>Flags
Used to select the environment name on which actions should be taken. Default
value: dev
The --plain flag will output dynamic secret lease credentials values without formatting, one per line.
Default value: false
# Example
kms dynamic-secrets lease create dynamic-secret-postgres --plainThe --path flag indicates which project folder dynamic secrets will be injected from.
# Example
kms dynamic-secrets lease create <dynamic-secret-name> --path="/" --env=devThe project ID of the dynamic secrets to lease from.
# Example
kms dynamic-secrets lease create <dynamic-secret-name> --projectId=<project-id>The project slug of the dynamic secrets to lease from.
# Example
kms dynamic-secrets lease create <dynamic-secret-name> --project-slug=<project-slug>The authenticated token to create dynamic secret leases. This is required when using a machine identity to authenticate.
# Example
kms dynamic-secrets lease create <dynamic-secret-name> --token=<token>The lease lifetime. If not provided, the default TTL of the dynamic secret root credential will be used.
# Example
kms dynamic-secrets lease create <dynamic-secret-name> --ttl=<ttl>Provider-specific flags
The following flags are specific to certain providers or integrations:
The namespace to create the lease in. Only used for Kubernetes dynamic secrets.
# Example
kms dynamic-secrets lease create <dynamic-secret-name> --kubernetes-namespace=<namespace>This command is used to list leases for a dynamic secret.
$ kms dynamic-secrets lease list <dynamic-secret-name>Flags
Used to select the environment name on which actions should be taken. Default
value: dev
The --path flag indicates which project folder dynamic secrets will be injected from.
# Example
kms dynamic-secrets lease list <dynamic-secret-name> --path="/" --env=devThe project ID of the dynamic secrets to list leases from.
# Example
kms dynamic-secrets lease list <dynamic-secret-name> --projectId=<project-id>The project slug of the dynamic secrets to list leases from.
# Example
kms dynamic-secrets lease list <dynamic-secret-name> --project-slug=<project-slug>The authenticated token to list dynamic secret leases. This is required when using a machine identity to authenticate.
# Example
kms dynamic-secrets lease list <dynamic-secret-name> --token=<token>This command is used to renew a lease before it expires.
$ kms dynamic-secrets lease renew <lease-id>Flags
Used to select the environment name on which actions should be taken. Default
value: dev
The --path flag indicates which project folder dynamic secrets will be renewed from.
# Example
kms dynamic-secrets lease renew <lease-id> --path="/" --env=devThe project ID of the dynamic secret to lease from.
# Example
kms dynamic-secrets lease renew <lease-id> --projectId=<project-id>The project slug of the dynamic secret to lease from.
# Example
kms dynamic-secrets lease renew <lease-id> --project-slug=<project-slug>The authenticated token to create dynamic secret leases. This is required when using a machine identity to authenticate.
# Example
kms dynamic-secrets lease renew <lease-id> --token=<token>The lease lifetime. If not provided, the default TTL of the dynamic secret root credential will be used.
# Example
kms dynamic-secrets lease renew <lease-id> --ttl=<ttl>This command is used to delete a lease.
$ kms dynamic-secrets lease delete <lease-id>Flags
Used to select the environment name on which actions should be taken. Default
value: dev
The --path flag indicates which project folder dynamic secrets will be deleted from.
# Example
kms dynamic-secrets lease delete <lease-id> --path="/" --env=devThe project ID of the dynamic secret to delete lease from.
# Example
kms dynamic-secrets lease delete <lease-id> --projectId=<project-id>The project slug of the dynamic secret to delete lease from.
# Example
kms dynamic-secrets lease delete <lease-id> --project-slug=<project-slug>The authenticated token to delete dynamic secret leases. This is required when using a machine identity to authenticate.
# Example
kms dynamic-secrets lease delete <lease-id> --token=<token>How is this guide?
Last updated on