GuidesChangelogData Inspector Library API Reference
Guides
  1. Command Line Interface
  2. OLP CLI Command reference

secret

secret

The OLP CLI supports the following functionality for third party secret management:

secret create

Creates a secret.

olp secret create [command options]

Required parameters:

  • <secret name> The name of an third-party secret.
  • <secret content> The file path to the third-party secret content in plain text.
  • <type> The type of the third-party secret. Must be either 'custom' or 'aws'.

Optional parameters:

  • --expires <yyyy-MM-ddTHH:mm:ss> The expiration date of a secret. The timestamp must match the ISO-8601 format yyyy-MM-ddTHH:mm:ss. For example, '2020-12-23T02:24:00.000Z'. If not specified, the secret doesn't expire.
  • --grant-read-to <hrn> Grants read access to the secret to the specified app or user HRN. To get an app's HRN, use the olp app list command.
  • --filename <file name> A relative file name for the platform to use to write the secret in plain text on the filesystem. The file will be placed in the directory specified by the type property. Defaults to credentials.
  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --json Displays the command result in JSON format.
  • --quiet Displays empty output with no additional information.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below creates a third party secret:

olp secret create my-key-1234 ~/.aws/my-aws-secrets.txt aws
olp secret create my-key-1234 C:\Users\username\.aws\my-aws-secrets.txt aws

Output:

Secret hrn:here:here:account::org:secret/my-key-1234 has been created

secret delete

Deletes a secret.

olp secret delete [command options]

Required parameters:

  • <secret HRN> The HRN of the third party secret.

Optional parameters:

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --quiet Displays empty output with no additional information.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below deletes a third party secret:

olp secret delete hrn:here:here:account::org:secret/my-key-1234

Output:

Secret hrn:here:here:account::org:secret/my-key-1234 has been deleted

secret disable

Disables a secret.

olp secret disable [command options]

Required parameters:

  • <secret HRN> The HRN of the third party secret.

Optional parameters:

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --quiet Displays empty output with no additional information.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below disables a third party secret:

olp secret disable hrn:here:here:account::org:secret/my-key-1234

Output:

Secret hrn:here:here:account::org:secret/my-key-1234 has been disabled

secret enable

Enables a secret.

olp secret enable [command options]

Required parameters:

  • <secret HRN> The HRN of the third party secret.

Optional parameters:

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --quiet Displays empty output with no additional information.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below enables a third party secret:

olp secret enable hrn:here:here:account::org:secret/my-key-1234

Output:

Secret hrn:here:here:account::org:secret/my-key-1234 has been enabled

secret list

Lists secrets accessible to the caller.

olp secret list [command options]

Optional parameters:

  • --enabled <true|false> If set to true, only enabled secrets are returned. If not specified, all secrets are returned.
  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --json Displays the command result in JSON format.
  • --quiet Displays empty output with no additional information.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below lists all your third party secrets:

olp secret list --json

Output:

{"secrets": [{
    "id": "my-key-1234",
    "type": "aws",
    "filename": "credentials",
    "name": "external key example",
    "hrn": "hrn:here:here:account::org:secret/my-key-1234",
    "sha256": "C01DCECC41CA1E27BB0D41B089528D6D15443AF24E710A005BB2372CD107474E",
    "enabled": true,
    "created": "2020-10-09T07:32:00.000Z",
    "modified": "2020-10-09T07:32:00.000Z",
    "expires": "2020-12-28T02:24:00.000Z"
}]}

secret update

Updates a secret.

olp secret update [command options]

Required parameters:

  • <secret HRN> The HRN of the third party secret.

Optional parameters:

  • --name <secret name> The name of the third-party secret.
  • --type <custom|aws> The type of the third-party secret. Must be either 'custom' or 'aws'.
  • --secret-content <path to secret content> The file path to the third-party secret content in plain text.
  • --filename <file name> The relative file name for the platform to use to write the secret in plain text on the filesystem. The file will be placed in the directory specified by the type property. Defaults to credentials.
  • --expires <yyyy-MM-ddTHH:mm:ss> The expiration date of a secret. The timestamp must match the ISO-8601 format yyyy-MM-ddTHH:mm:ss. For example, '2020-12-23T02:24:00.000Z'.
  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --json Displays the command result in JSON format.
  • --quiet Displays empty output with no additional information.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below updates the name of a third party secret:

olp secret update hrn:here:here:account::org:secret/my-key-1234 --name new-name

Output:

Secret hrn:here:here:account::org:secret/my-key-1234 has been updated

Updated 22 days ago