FileSystemSecretStore
Realm Operations
Resource path:
/realm-config/secrets/stores/FileSystemSecretStore
Resource version: 1.0
create
Usage
am> create FileSystemSecretStore --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "suffix" : { "title" : "File suffix", "description" : "A suffix to add to the name of each secret to obtain the file name, such as \".txt\" (defaults to no suffix).", "propertyOrder" : 200, "required" : false, "type" : "string", "exampleValue" : "" }, "format" : { "title" : "File format", "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li> <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "directory" : { "title" : "Directory", "description" : "The directory containing secret files.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" } } }
delete
Usage
am> delete FileSystemSecretStore --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action FileSystemSecretStore --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action FileSystemSecretStore --realm Realm --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action FileSystemSecretStore --realm Realm --actionName nextdescendents
query
Get the full list of instances of this collection. This query only supports _queryFilter=true
filter.
Usage
am> query FileSystemSecretStore --realm Realm --filter filter
Parameters
- --filter
-
A CREST formatted query filter, where "true" will query all.
read
Usage
am> read FileSystemSecretStore --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
update
Usage
am> update FileSystemSecretStore --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "suffix" : { "title" : "File suffix", "description" : "A suffix to add to the name of each secret to obtain the file name, such as \".txt\" (defaults to no suffix).", "propertyOrder" : 200, "required" : false, "type" : "string", "exampleValue" : "" }, "format" : { "title" : "File format", "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li> <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "directory" : { "title" : "Directory", "description" : "The directory containing secret files.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" } } }
Global Operations
Resource path:
/global-config/secrets/stores/FileSystemSecretStore
Resource version: 1.0
create
Usage
am> create FileSystemSecretStore --global --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "directory" : { "title" : "Directory", "description" : "The directory containing secret files.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "suffix" : { "title" : "File suffix", "description" : "A suffix to add to the name of each secret to obtain the file name, such as \".txt\" (defaults to no suffix).", "propertyOrder" : 200, "required" : false, "type" : "string", "exampleValue" : "" }, "format" : { "title" : "File format", "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li> <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" } } }
delete
Usage
am> delete FileSystemSecretStore --global --id id
Parameters
- --id
-
The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action FileSystemSecretStore --global --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action FileSystemSecretStore --global --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action FileSystemSecretStore --global --actionName nextdescendents
query
Get the full list of instances of this collection. This query only supports _queryFilter=true
filter.
Usage
am> query FileSystemSecretStore --global --filter filter
Parameters
- --filter
-
A CREST formatted query filter, where "true" will query all.
read
Usage
am> read FileSystemSecretStore --global --id id
Parameters
- --id
-
The unique identifier for the resource.
update
Usage
am> update FileSystemSecretStore --global --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "directory" : { "title" : "Directory", "description" : "The directory containing secret files.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "suffix" : { "title" : "File suffix", "description" : "A suffix to add to the name of each secret to obtain the file name, such as \".txt\" (defaults to no suffix).", "propertyOrder" : 200, "required" : false, "type" : "string", "exampleValue" : "" }, "format" : { "title" : "File format", "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li> <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" } } }