barbican

acl delete

Delete ACLs for a secret or container as identified by its href.

openstack acl delete URI
URI

The URI reference for the secret or container.

This command is provided by the python-barbicanclient plugin.

acl get

Retrieve ACLs for a secret or container by providing its href.

openstack acl get [--sort-column SORT_COLUMN] URI
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

URI

The URI reference for the secret or container.

This command is provided by the python-barbicanclient plugin.

acl submit

Submit ACL on a secret or container as identified by its href.

openstack acl submit
    [--sort-column SORT_COLUMN]
    [--user [USERS]]
    [--project-access | --no-project-access]
    [--operation-type {read}]
    URI
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--user <USERS>, -u <USERS>

Keystone userid(s) for ACL.

--project-access

Flag to enable project access behavior.

--no-project-access

Flag to disable project access behavior.

--operation-type <OPERATION_TYPE>, -o <OPERATION_TYPE>

Type of Barbican operation ACL is set for

URI

The URI reference for the secret or container.

This command is provided by the python-barbicanclient plugin.

acl user add

Add ACL users to a secret or container as identified by its href.

openstack acl user add
    [--sort-column SORT_COLUMN]
    [--user [USERS]]
    [--project-access | --no-project-access]
    [--operation-type {read}]
    URI
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--user <USERS>, -u <USERS>

Keystone userid(s) for ACL.

--project-access

Flag to enable project access behavior.

--no-project-access

Flag to disable project access behavior.

--operation-type <OPERATION_TYPE>, -o <OPERATION_TYPE>

Type of Barbican operation ACL is set for

URI

The URI reference for the secret or container.

This command is provided by the python-barbicanclient plugin.

acl user remove

Remove ACL users from a secret or container as identified by its href.

openstack acl user remove
    [--sort-column SORT_COLUMN]
    [--user [USERS]]
    [--project-access | --no-project-access]
    [--operation-type {read}]
    URI
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--user <USERS>, -u <USERS>

Keystone userid(s) for ACL.

--project-access

Flag to enable project access behavior.

--no-project-access

Flag to disable project access behavior.

--operation-type <OPERATION_TYPE>, -o <OPERATION_TYPE>

Type of Barbican operation ACL is set for

URI

The URI reference for the secret or container.

This command is provided by the python-barbicanclient plugin.

ca get

Retrieve a CA by providing its URI.

openstack ca get URI
URI

The URI reference for the CA.

This command is provided by the python-barbicanclient plugin.

ca list

List CAs.

openstack ca list
    [--sort-column SORT_COLUMN]
    [--limit LIMIT]
    [--offset OFFSET]
    [--name NAME]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--limit <LIMIT>, -l <LIMIT>

specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)

--offset <OFFSET>, -o <OFFSET>

specify the page offset (default: %(default)s)

--name <NAME>, -n <NAME>

specify the ca name (default: %(default)s)

This command is provided by the python-barbicanclient plugin.

secret container create

Store a container in Barbican.

openstack secret container create
    [--name NAME]
    [--type TYPE]
    [--secret SECRET]
--name <NAME>, -n <NAME>

a human-friendly name.

--type <TYPE>

type of container to create (default: %(default)s).

--secret <SECRET>, -s <SECRET>

one secret to store in a container (can be set multiple times). Example: –secret “private_key=https://url.test/v1/secrets/1-2-3-4”

This command is provided by the python-barbicanclient plugin.

secret container delete

Delete a container by providing its href.

openstack secret container delete URI
URI

The URI reference for the container

This command is provided by the python-barbicanclient plugin.

secret container get

Retrieve a container by providing its URI.

openstack secret container get URI
URI

The URI reference for the container.

This command is provided by the python-barbicanclient plugin.

secret container list

List containers.

openstack secret container list
    [--sort-column SORT_COLUMN]
    [--limit LIMIT]
    [--offset OFFSET]
    [--name NAME]
    [--type TYPE]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--limit <LIMIT>, -l <LIMIT>

specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)

--offset <OFFSET>, -o <OFFSET>

specify the page offset (default: %(default)s)

--name <NAME>, -n <NAME>

specify the container name (default: %(default)s)

--type <TYPE>, -t <TYPE>

specify the type filter for the list (default: %(default)s).

This command is provided by the python-barbicanclient plugin.

secret delete

Delete a secret by providing its URI.

openstack secret delete URI
URI

The URI reference for the secret

This command is provided by the python-barbicanclient plugin.

secret get

Retrieve a secret by providing its URI.

openstack secret get
    [--decrypt | --payload | --file <filename>]
    [--payload_content_type PAYLOAD_CONTENT_TYPE]
    URI
--decrypt, -d

if specified, retrieve the unencrypted secret data.

--payload, -p

if specified, retrieve the unencrypted secret data.

--file <filename>, -F <filename>

if specified, save the payload to a new file with the given filename.

--payload_content_type <PAYLOAD_CONTENT_TYPE>, -t <PAYLOAD_CONTENT_TYPE>

the content type of the decrypted secret (default: %(default)s).

URI

The URI reference for the secret.

This command is provided by the python-barbicanclient plugin.

secret list

List secrets.

openstack secret list
    [--sort-column SORT_COLUMN]
    [--limit LIMIT]
    [--offset OFFSET]
    [--name NAME]
    [--algorithm ALGORITHM]
    [--bit-length BIT_LENGTH]
    [--mode MODE]
    [--secret-type SECRET_TYPE]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--limit <LIMIT>, -l <LIMIT>

specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)

--offset <OFFSET>, -o <OFFSET>

specify the page offset (default: %(default)s)

--name <NAME>, -n <NAME>

specify the secret name (default: %(default)s)

--algorithm <ALGORITHM>, -a <ALGORITHM>

the algorithm filter for the list(default: %(default)s).

--bit-length <BIT_LENGTH>, -b <BIT_LENGTH>

the bit length filter for the list (default: %(default)s).

--mode <MODE>, -m <MODE>

the algorithm mode filter for the list (default: %(default)s).

--secret-type <SECRET_TYPE>, -s <SECRET_TYPE>

specify the secret type (default: %(default)s).

This command is provided by the python-barbicanclient plugin.

secret order create

Create a new order.

openstack secret order create
    [--name NAME]
    [--algorithm ALGORITHM]
    [--bit-length BIT_LENGTH]
    [--mode MODE]
    [--payload-content-type PAYLOAD_CONTENT_TYPE]
    [--expiration EXPIRATION]
    [--request-type REQUEST_TYPE]
    [--subject-dn SUBJECT_DN]
    [--source-container-ref SOURCE_CONTAINER_REF]
    [--ca-id CA_ID]
    [--profile PROFILE]
    [--request-file REQUEST_FILE]
    type
--name <NAME>, -n <NAME>

a human-friendly name.

--algorithm <ALGORITHM>, -a <ALGORITHM>

the algorithm to be used with the requested key (default: %(default)s).

--bit-length <BIT_LENGTH>, -b <BIT_LENGTH>

the bit length of the requested secret key (default: %(default)s).

--mode <MODE>, -m <MODE>

the algorithm mode to be used with the requested key (default: %(default)s).

--payload-content-type <PAYLOAD_CONTENT_TYPE>, -t <PAYLOAD_CONTENT_TYPE>

the type/format of the secret to be generated (default: %(default)s).

--expiration <EXPIRATION>, -x <EXPIRATION>

the expiration time for the secret in ISO 8601 format.

--request-type <REQUEST_TYPE>

the type of the certificate request.

--subject-dn <SUBJECT_DN>

the subject of the certificate.

--source-container-ref <SOURCE_CONTAINER_REF>

the source of the certificate when using stored-key requests.

--ca-id <CA_ID>

the identifier of the CA to use for the certificate request.

--profile <PROFILE>

the profile of certificate to use.

--request-file <REQUEST_FILE>

the file containing the CSR.

type

the type of the order (key, asymmetric, certificate) to create.

This command is provided by the python-barbicanclient plugin.

secret order delete

Delete an order by providing its href.

openstack secret order delete URI
URI

The URI reference for the order

This command is provided by the python-barbicanclient plugin.

secret order get

Retrieve an order by providing its URI.

openstack secret order get URI
URI

The URI reference order.

This command is provided by the python-barbicanclient plugin.

secret order list

List orders.

openstack secret order list
    [--sort-column SORT_COLUMN]
    [--limit LIMIT]
    [--offset OFFSET]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--limit <LIMIT>, -l <LIMIT>

specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)

--offset <OFFSET>, -o <OFFSET>

specify the page offset (default: %(default)s)

This command is provided by the python-barbicanclient plugin.

secret store

Store a secret in Barbican.

openstack secret store
    [--name NAME]
    [--secret-type SECRET_TYPE]
    [--payload-content-type PAYLOAD_CONTENT_TYPE]
    [--payload-content-encoding PAYLOAD_CONTENT_ENCODING]
    [--algorithm ALGORITHM]
    [--bit-length BIT_LENGTH]
    [--mode MODE]
    [--expiration EXPIRATION]
    [--payload PAYLOAD | --file <filename>]
--name <NAME>, -n <NAME>

a human-friendly name.

--secret-type <SECRET_TYPE>, -s <SECRET_TYPE>

the secret type; must be one of symmetric, public, private, certificate, passphrase, opaque (default)

--payload-content-type <PAYLOAD_CONTENT_TYPE>, -t <PAYLOAD_CONTENT_TYPE>

the type/format of the provided secret data; “text/plain” is assumed to be UTF-8; required when –payload is supplied.

--payload-content-encoding <PAYLOAD_CONTENT_ENCODING>, -e <PAYLOAD_CONTENT_ENCODING>

required if –payload-content-type is “application/octet-stream”.

--algorithm <ALGORITHM>, -a <ALGORITHM>

the algorithm (default: %(default)s).

--bit-length <BIT_LENGTH>, -b <BIT_LENGTH>

the bit length (default: %(default)s).

--mode <MODE>, -m <MODE>

the algorithm mode; used only for reference (default: %(default)s)

--expiration <EXPIRATION>, -x <EXPIRATION>

the expiration time for the secret in ISO 8601 format.

--payload <PAYLOAD>, -p <PAYLOAD>

the unencrypted secret data.

--file <filename>, -F <filename>

file containing the secret payload

This command is provided by the python-barbicanclient plugin.

secret update

Update a secret with no payload in Barbican.

openstack secret update URI payload
URI

The URI reference for the secret.

payload

the unencrypted secret

This command is provided by the python-barbicanclient plugin.