FileSystemSecretStore

Realm Operations

Resource path:

/realm-config/secrets/stores/FileSystemSecretStore

Resource version: 1.0

create

Usage

am> create FileSystemSecretStore --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "directory" : {
      "title" : "Directory",
      "description" : "The directory containing secret files.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "format" : {
      "title" : "File format",
      "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li>  <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "suffix" : {
      "title" : "File suffix",
      "description" : "A suffix to add to the name of each secret to obtain the file name, such as \".txt\" (defaults to no suffix).",
      "propertyOrder" : 200,
      "required" : false,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}

delete

Usage

am> delete FileSystemSecretStore --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action FileSystemSecretStore --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action FileSystemSecretStore --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action FileSystemSecretStore --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query FileSystemSecretStore --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read FileSystemSecretStore --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update FileSystemSecretStore --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "directory" : {
      "title" : "Directory",
      "description" : "The directory containing secret files.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "format" : {
      "title" : "File format",
      "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li>  <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "suffix" : {
      "title" : "File suffix",
      "description" : "A suffix to add to the name of each secret to obtain the file name, such as \".txt\" (defaults to no suffix).",
      "propertyOrder" : 200,
      "required" : false,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}

Global Operations

Resource path:

/global-config/secrets/stores/FileSystemSecretStore

Resource version: 1.0

create

Usage

am> create FileSystemSecretStore --global --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "suffix" : {
      "title" : "File suffix",
      "description" : "A suffix to add to the name of each secret to obtain the file name, such as \".txt\" (defaults to no suffix).",
      "propertyOrder" : 200,
      "required" : false,
      "type" : "string",
      "exampleValue" : ""
    },
    "directory" : {
      "title" : "Directory",
      "description" : "The directory containing secret files.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "format" : {
      "title" : "File format",
      "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li>  <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}

delete

Usage

am> delete FileSystemSecretStore --global --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action FileSystemSecretStore --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action FileSystemSecretStore --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action FileSystemSecretStore --global --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query FileSystemSecretStore --global --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read FileSystemSecretStore --global --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update FileSystemSecretStore --global --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "suffix" : {
      "title" : "File suffix",
      "description" : "A suffix to add to the name of each secret to obtain the file name, such as \".txt\" (defaults to no suffix).",
      "propertyOrder" : 200,
      "required" : false,
      "type" : "string",
      "exampleValue" : ""
    },
    "directory" : {
      "title" : "Directory",
      "description" : "The directory containing secret files.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "format" : {
      "title" : "File format",
      "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li>  <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}