hci secret echo

hci secret echo [OPTIONS]

Assemble a secret and print it to stdout, ready for inclusion as a value in the secrets.json dict.

Parameters

--json OBJECT_PATH JSON

The value will be exposed in the process list for the command’s short duration. Use --json-env or --json-file on systems that log process information and on multi-user systems.

Parse the JSON argument as JSON and add it at the specified OBJECT_PATH. For example, the options

--json tls.versions '["1.3"]' --json . '{"trustOnFirstUse": false}'

will add a secret with the data object:

{
  "tls": {
    "versions": [
      "1.3"
    ]
  },
  "trustOnFirstUse": false
}

--json-env OBJECT_PATH ENV_NAME

Parse the environment variable ENV_NAME as JSON and add it at the specified OBJECT_PATH.

--json-file OBJECT_PATH FILE

Parse the file content at FILE as JSON and add it at the specified OBJECT_PATH.

--password OBJECT_PATH

Ask for a password on stdin and add it at the specified OBJECT_PATH as a string.

The value must be single-line. Whitespace before and after will be stripped.

For example the options

--password username --password password

will create a session like

Enter value for username:
[user enters asdf]
Enter value for password:
[user enters jkl]

producing a secret with

{
  "kind": "Secret",
  "data": {
    "username": "asdf",
    "password": "jkl"
  }
}

--string OBJECT_PATH STRING

The value will be exposed in the process list for the command’s short duration. Use --string-env or --string-file on systems that log process information and on multi-user systems.

Use STRING as a JSON string value and add it at the specified OBJECT_PATH. For example, the options

--string host db.example.com --string parameters.compatibility classic

will add a secret with the data object:

{
  "parameters": {
    "compatibility": "classic"
  },
  "host": "db.example.com"
}

--string-env OBJECT_PATH ENV_NAME

Use the value of environment variable ENV_NAME as a JSON string value and add it at the specified OBJECT_PATH.

--string-file OBJECT_PATH FILE

Read the file content at FILE, use it as JSON string and add it at the specified OBJECT_PATH.

See also

For a variation of this command that writes to a dotfile for use with hci effect run, see hci secret add.