barbican¶
acl delete¶
Delete ACLs for a secret or container as identified by its href.
openstack acl delete URI
-
URI
¶
The URI reference for the secret or container.
This command is provided by the python-barbicanclient plugin.
acl get¶
Retrieve ACLs for a secret or container by providing its href.
openstack acl get [--sort-column SORT_COLUMN] URI
-
--sort-column
SORT_COLUMN
¶ specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
-
URI
¶
The URI reference for the secret or container.
This command is provided by the python-barbicanclient plugin.
acl submit¶
Submit ACL on a secret or container as identified by its href.
openstack acl submit
[--sort-column SORT_COLUMN]
[--user [USERS]]
[--project-access | --no-project-access]
[--operation-type {read}]
URI
-
--sort-column
SORT_COLUMN
¶ specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
-
--user
<USERS>
,
-u
<USERS>
¶ Keystone userid(s) for ACL.
-
--project-access
¶
Flag to enable project access behavior.
-
--no-project-access
¶
Flag to disable project access behavior.
-
--operation-type
<OPERATION_TYPE>
,
-o
<OPERATION_TYPE>
¶ Type of Barbican operation ACL is set for
-
URI
¶
The URI reference for the secret or container.
This command is provided by the python-barbicanclient plugin.
acl user add¶
Add ACL users to a secret or container as identified by its href.
openstack acl user add
[--sort-column SORT_COLUMN]
[--user [USERS]]
[--project-access | --no-project-access]
[--operation-type {read}]
URI
-
--sort-column
SORT_COLUMN
¶ specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
-
--user
<USERS>
,
-u
<USERS>
¶ Keystone userid(s) for ACL.
-
--project-access
¶
Flag to enable project access behavior.
-
--no-project-access
¶
Flag to disable project access behavior.
-
--operation-type
<OPERATION_TYPE>
,
-o
<OPERATION_TYPE>
¶ Type of Barbican operation ACL is set for
-
URI
¶
The URI reference for the secret or container.
This command is provided by the python-barbicanclient plugin.
acl user remove¶
Remove ACL users from a secret or container as identified by its href.
openstack acl user remove
[--sort-column SORT_COLUMN]
[--user [USERS]]
[--project-access | --no-project-access]
[--operation-type {read}]
URI
-
--sort-column
SORT_COLUMN
¶ specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
-
--user
<USERS>
,
-u
<USERS>
¶ Keystone userid(s) for ACL.
-
--project-access
¶
Flag to enable project access behavior.
-
--no-project-access
¶
Flag to disable project access behavior.
-
--operation-type
<OPERATION_TYPE>
,
-o
<OPERATION_TYPE>
¶ Type of Barbican operation ACL is set for
-
URI
¶
The URI reference for the secret or container.
This command is provided by the python-barbicanclient plugin.
ca get¶
Retrieve a CA by providing its URI.
openstack ca get URI
-
URI
¶
The URI reference for the CA.
This command is provided by the python-barbicanclient plugin.
ca list¶
List CAs.
openstack ca list
[--sort-column SORT_COLUMN]
[--limit LIMIT]
[--offset OFFSET]
[--name NAME]
-
--sort-column
SORT_COLUMN
¶ specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
-
--limit
<LIMIT>
,
-l
<LIMIT>
¶ specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)
-
--offset
<OFFSET>
,
-o
<OFFSET>
¶ specify the page offset (default: %(default)s)
-
--name
<NAME>
,
-n
<NAME>
¶ specify the ca name (default: %(default)s)
This command is provided by the python-barbicanclient plugin.
secret container create¶
Store a container in Barbican.
openstack secret container create
[--name NAME]
[--type TYPE]
[--secret SECRET]
-
--name
<NAME>
,
-n
<NAME>
¶ a human-friendly name.
-
--type
<TYPE>
¶ type of container to create (default: %(default)s).
-
--secret
<SECRET>
,
-s
<SECRET>
¶ one secret to store in a container (can be set multiple times). Example: –secret “private_key=https://url.test/v1/secrets/1-2-3-4”
This command is provided by the python-barbicanclient plugin.
secret container delete¶
Delete a container by providing its href.
openstack secret container delete URI
-
URI
¶
The URI reference for the container
This command is provided by the python-barbicanclient plugin.
secret container get¶
Retrieve a container by providing its URI.
openstack secret container get URI
-
URI
¶
The URI reference for the container.
This command is provided by the python-barbicanclient plugin.
secret container list¶
List containers.
openstack secret container list
[--sort-column SORT_COLUMN]
[--limit LIMIT]
[--offset OFFSET]
[--name NAME]
[--type TYPE]
-
--sort-column
SORT_COLUMN
¶ specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
-
--limit
<LIMIT>
,
-l
<LIMIT>
¶ specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)
-
--offset
<OFFSET>
,
-o
<OFFSET>
¶ specify the page offset (default: %(default)s)
-
--name
<NAME>
,
-n
<NAME>
¶ specify the container name (default: %(default)s)
-
--type
<TYPE>
,
-t
<TYPE>
¶ specify the type filter for the list (default: %(default)s).
This command is provided by the python-barbicanclient plugin.
secret delete¶
Delete a secret by providing its URI.
openstack secret delete URI
-
URI
¶
The URI reference for the secret
This command is provided by the python-barbicanclient plugin.
secret get¶
Retrieve a secret by providing its URI.
openstack secret get
[--decrypt | --payload | --file <filename>]
[--payload_content_type PAYLOAD_CONTENT_TYPE]
URI
-
--decrypt
,
-d
¶
if specified, retrieve the unencrypted secret data.
-
--payload
,
-p
¶
if specified, retrieve the unencrypted secret data.
-
--file
<filename>
,
-F
<filename>
¶ if specified, save the payload to a new file with the given filename.
-
--payload_content_type
<PAYLOAD_CONTENT_TYPE>
,
-t
<PAYLOAD_CONTENT_TYPE>
¶ the content type of the decrypted secret (default: %(default)s).
-
URI
¶
The URI reference for the secret.
This command is provided by the python-barbicanclient plugin.
secret list¶
List secrets.
openstack secret list
[--sort-column SORT_COLUMN]
[--limit LIMIT]
[--offset OFFSET]
[--name NAME]
[--algorithm ALGORITHM]
[--bit-length BIT_LENGTH]
[--mode MODE]
[--secret-type SECRET_TYPE]
-
--sort-column
SORT_COLUMN
¶ specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
-
--limit
<LIMIT>
,
-l
<LIMIT>
¶ specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)
-
--offset
<OFFSET>
,
-o
<OFFSET>
¶ specify the page offset (default: %(default)s)
-
--name
<NAME>
,
-n
<NAME>
¶ specify the secret name (default: %(default)s)
-
--algorithm
<ALGORITHM>
,
-a
<ALGORITHM>
¶ the algorithm filter for the list(default: %(default)s).
-
--bit-length
<BIT_LENGTH>
,
-b
<BIT_LENGTH>
¶ the bit length filter for the list (default: %(default)s).
-
--mode
<MODE>
,
-m
<MODE>
¶ the algorithm mode filter for the list (default: %(default)s).
-
--secret-type
<SECRET_TYPE>
,
-s
<SECRET_TYPE>
¶ specify the secret type (default: %(default)s).
This command is provided by the python-barbicanclient plugin.
secret order create¶
Create a new order.
openstack secret order create
[--name NAME]
[--algorithm ALGORITHM]
[--bit-length BIT_LENGTH]
[--mode MODE]
[--payload-content-type PAYLOAD_CONTENT_TYPE]
[--expiration EXPIRATION]
[--request-type REQUEST_TYPE]
[--subject-dn SUBJECT_DN]
[--source-container-ref SOURCE_CONTAINER_REF]
[--ca-id CA_ID]
[--profile PROFILE]
[--request-file REQUEST_FILE]
type
-
--name
<NAME>
,
-n
<NAME>
¶ a human-friendly name.
-
--algorithm
<ALGORITHM>
,
-a
<ALGORITHM>
¶ the algorithm to be used with the requested key (default: %(default)s).
-
--bit-length
<BIT_LENGTH>
,
-b
<BIT_LENGTH>
¶ the bit length of the requested secret key (default: %(default)s).
-
--mode
<MODE>
,
-m
<MODE>
¶ the algorithm mode to be used with the requested key (default: %(default)s).
-
--payload-content-type
<PAYLOAD_CONTENT_TYPE>
,
-t
<PAYLOAD_CONTENT_TYPE>
¶ the type/format of the secret to be generated (default: %(default)s).
-
--expiration
<EXPIRATION>
,
-x
<EXPIRATION>
¶ the expiration time for the secret in ISO 8601 format.
-
--request-type
<REQUEST_TYPE>
¶ the type of the certificate request.
-
--subject-dn
<SUBJECT_DN>
¶ the subject of the certificate.
-
--source-container-ref
<SOURCE_CONTAINER_REF>
¶ the source of the certificate when using stored-key requests.
-
--ca-id
<CA_ID>
¶ the identifier of the CA to use for the certificate request.
-
--profile
<PROFILE>
¶ the profile of certificate to use.
-
--request-file
<REQUEST_FILE>
¶ the file containing the CSR.
-
type
¶
the type of the order (key, asymmetric, certificate) to create.
This command is provided by the python-barbicanclient plugin.
secret order delete¶
Delete an order by providing its href.
openstack secret order delete URI
-
URI
¶
The URI reference for the order
This command is provided by the python-barbicanclient plugin.
secret order get¶
Retrieve an order by providing its URI.
openstack secret order get URI
-
URI
¶
The URI reference order.
This command is provided by the python-barbicanclient plugin.
secret order list¶
List orders.
openstack secret order list
[--sort-column SORT_COLUMN]
[--limit LIMIT]
[--offset OFFSET]
-
--sort-column
SORT_COLUMN
¶ specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
-
--limit
<LIMIT>
,
-l
<LIMIT>
¶ specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)
-
--offset
<OFFSET>
,
-o
<OFFSET>
¶ specify the page offset (default: %(default)s)
This command is provided by the python-barbicanclient plugin.
secret store¶
Store a secret in Barbican.
openstack secret store
[--name NAME]
[--secret-type SECRET_TYPE]
[--payload-content-type PAYLOAD_CONTENT_TYPE]
[--payload-content-encoding PAYLOAD_CONTENT_ENCODING]
[--algorithm ALGORITHM]
[--bit-length BIT_LENGTH]
[--mode MODE]
[--expiration EXPIRATION]
[--payload PAYLOAD | --file <filename>]
-
--name
<NAME>
,
-n
<NAME>
¶ a human-friendly name.
-
--secret-type
<SECRET_TYPE>
,
-s
<SECRET_TYPE>
¶ the secret type; must be one of symmetric, public, private, certificate, passphrase, opaque (default)
-
--payload-content-type
<PAYLOAD_CONTENT_TYPE>
,
-t
<PAYLOAD_CONTENT_TYPE>
¶ the type/format of the provided secret data; “text/plain” is assumed to be UTF-8; required when –payload is supplied.
-
--payload-content-encoding
<PAYLOAD_CONTENT_ENCODING>
,
-e
<PAYLOAD_CONTENT_ENCODING>
¶ required if –payload-content-type is “application/octet-stream”.
-
--algorithm
<ALGORITHM>
,
-a
<ALGORITHM>
¶ the algorithm (default: %(default)s).
-
--bit-length
<BIT_LENGTH>
,
-b
<BIT_LENGTH>
¶ the bit length (default: %(default)s).
-
--mode
<MODE>
,
-m
<MODE>
¶ the algorithm mode; used only for reference (default: %(default)s)
-
--expiration
<EXPIRATION>
,
-x
<EXPIRATION>
¶ the expiration time for the secret in ISO 8601 format.
-
--payload
<PAYLOAD>
,
-p
<PAYLOAD>
¶ the unencrypted secret data.
-
--file
<filename>
,
-F
<filename>
¶ file containing the secret payload
This command is provided by the python-barbicanclient plugin.