hci secret add

hci secret add SECRET_NAME [OPTIONS]

Insert a secret into the local secrets.json dotfile, for use with hci effect run.

The appropriate local secrets.json is selected based on the upstream owner of the current repository branch.

If a secret with the same name already exists, it will not be overwritten and the command will return an exit status of 1.

Parameters

SECRET_NAME

The name of the secret that will be added. These are namespaced per account.

--json OBJECT_PATH JSON

The value will be exposed in the process list for the command’s short duration. Use --json-env or --json-file on systems that log process information and on multi-user systems.

Parse the JSON argument as JSON and add it at the specified OBJECT_PATH. For example, the options

--json tls.versions '["1.3"]' --json . '{"trustOnFirstUse": false}'

will add a secret with the data object:

{
  "tls": {
    "versions": [
      "1.3"
    ]
  },
  "trustOnFirstUse": false
}

--json-env OBJECT_PATH ENV_NAME

Parse the environment variable ENV_NAME as JSON and add it at the specified OBJECT_PATH.

--json-file OBJECT_PATH FILE

Parse the file content at FILE as JSON and add it at the specified OBJECT_PATH.

--password OBJECT_PATH

Ask for a password on stdin and add it at the specified OBJECT_PATH as a string.

The value must be single-line. Whitespace before and after will be stripped.

For example, the options

--password username --password password

will create a session like

Enter value for username:
[user enters asdf]
Enter value for password:
[user enters jkl]

producing a secret with

{
  "kind": "Secret",
  "data": {
    "username": "asdf",
    "password": "jkl"
  }
}

--string OBJECT_PATH STRING

The value will be exposed in the process list for the command’s short duration. Use --string-env or --string-file on systems that log process information and on multi-user systems.

Use STRING as a JSON string value and add it at the specified OBJECT_PATH. For example, the options

--string host db.example.com --string parameters.compatibility classic

will add a secret with the data object:

{
  "parameters": {
    "compatibility": "classic"
  },
  "host": "db.example.com"
}

--string-env OBJECT_PATH ENV_NAME

Use the value of environment variable ENV_NAME as a JSON string value and add it at the specified OBJECT_PATH.

--string-file OBJECT_PATH FILE

Read the file content at FILE, use it as a JSON string value and add it at the specified OBJECT_PATH.

--project FORGE/OWNER/REPO

Optional project path, e.g. github/my-org/my-project.
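
An added example, not part of the hci documentation or project: a POSIX shell wrapper that follows the advice given for --string by passing a value read from stdin through --string-env, so the value never appears in a process argument list, and that reports the exit status 1 returned when the secret already exists. The function name add_secret_from_stdin, the variable name HCI_SECRET_VALUE and the wrapper's own exit status 2 are assumptions of this sketch.

```sh
# Added example; names below are assumptions, not part of hci.
#
# Usage: add_secret_from_stdin SECRET_NAME OBJECT_PATH < value
#   e.g. add_secret_from_stdin deploy-key privateKey < ./key.pem  (constructed names)
#
# Unlike --password, the value may be multi-line. It is handed to hci via the
# environment rather than argv. On Linux, /proc/PID/cmdline is readable by
# other users by default; /proc/PID/environ is readable by the owner and root.
add_secret_from_stdin() (
  # The body runs in a subshell, so the exported variable is gone on return.
  if [ "$#" -ne 2 ]; then
    echo "usage: add_secret_from_stdin SECRET_NAME OBJECT_PATH < value" >&2
    exit 2
  fi
  name=$1
  object_path=$2

  # $(cat) strips trailing newlines; everything else is kept verbatim.
  HCI_SECRET_VALUE=$(cat) || exit 2
  if [ -z "$HCI_SECRET_VALUE" ]; then
    echo "refusing to add an empty value" >&2
    exit 2
  fi
  export HCI_SECRET_VALUE

  # Only the variable's NAME is passed on the command line.
  status=0
  hci secret add "$name" --string-env "$object_path" HCI_SECRET_VALUE || status=$?

  if [ "$status" -eq 1 ]; then
    # Exit status 1 is what hci returns when a secret with this name already
    # exists; in that case nothing was overwritten.
    echo "hci exited 1: '$name' may already exist and was not overwritten" >&2
  fi
  exit "$status"
)
```

The wrapper exits with hci's own status, so callers can still branch on the documented exit status 1.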

Implicit inputs

This command uses git metadata from the working directory, unless --project FORGE/OWNER/REPO is specified.

The secrets.json path is taken from HERCULES_CI_SECRETS_JSON; otherwise it is determined automatically.

See also

For a variation of this command that writes to stdout, see hci secret echo.