Delete ACLs for a secret or container as identified by its href.
openstack acl delete URI
URI
¶The URI reference for the secret or container.
This command is provided by the python-barbicanclient plugin.
Retrieve ACLs for a secret or container by providing its href.
openstack acl get
[--format-config-file FORMAT_CONFIG]
[--sort-column SORT_COLUMN]
URI
--format-config-file
<FORMAT_CONFIG>
¶Config file for the dict-to-csv formatter
--sort-column
SORT_COLUMN
¶specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
URI
¶The URI reference for the secret or container.
This command is provided by the python-barbicanclient plugin.
Submit ACL on a secret or container as identified by its href.
openstack acl submit
[--format-config-file FORMAT_CONFIG]
[--sort-column SORT_COLUMN]
[--user [USERS]]
[--project-access | --no-project-access]
[--operation-type {read}]
URI
--format-config-file
<FORMAT_CONFIG>
¶Config file for the dict-to-csv formatter
--sort-column
SORT_COLUMN
¶specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
--user
<USERS>
,
-u
<USERS>
¶Keystone userid(s) for ACL.
--project-access
¶Flag to enable project access behavior.
--no-project-access
¶Flag to disable project access behavior.
--operation-type
<OPERATION_TYPE>
,
-o
<OPERATION_TYPE>
¶Type of Barbican operation ACL is set for
URI
¶The URI reference for the secret or container.
This command is provided by the python-barbicanclient plugin.
Add ACL users to a secret or container as identified by its href.
openstack acl user add
[--format-config-file FORMAT_CONFIG]
[--sort-column SORT_COLUMN]
[--user [USERS]]
[--project-access | --no-project-access]
[--operation-type {read}]
URI
--format-config-file
<FORMAT_CONFIG>
¶Config file for the dict-to-csv formatter
--sort-column
SORT_COLUMN
¶specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
--user
<USERS>
,
-u
<USERS>
¶Keystone userid(s) for ACL.
--project-access
¶Flag to enable project access behavior.
--no-project-access
¶Flag to disable project access behavior.
--operation-type
<OPERATION_TYPE>
,
-o
<OPERATION_TYPE>
¶Type of Barbican operation ACL is set for
URI
¶The URI reference for the secret or container.
This command is provided by the python-barbicanclient plugin.
Remove ACL users from a secret or container as identified by its href.
openstack acl user remove
[--format-config-file FORMAT_CONFIG]
[--sort-column SORT_COLUMN]
[--user [USERS]]
[--project-access | --no-project-access]
[--operation-type {read}]
URI
--format-config-file
<FORMAT_CONFIG>
¶Config file for the dict-to-csv formatter
--sort-column
SORT_COLUMN
¶specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
--user
<USERS>
,
-u
<USERS>
¶Keystone userid(s) for ACL.
--project-access
¶Flag to enable project access behavior.
--no-project-access
¶Flag to disable project access behavior.
--operation-type
<OPERATION_TYPE>
,
-o
<OPERATION_TYPE>
¶Type of Barbican operation ACL is set for
URI
¶The URI reference for the secret or container.
This command is provided by the python-barbicanclient plugin.
Retrieve a CA by providing its URI.
openstack ca get URI
URI
¶The URI reference for the CA.
This command is provided by the python-barbicanclient plugin.
List CAs.
openstack ca list
[--format-config-file FORMAT_CONFIG]
[--sort-column SORT_COLUMN]
[--limit LIMIT]
[--offset OFFSET]
[--name NAME]
--format-config-file
<FORMAT_CONFIG>
¶Config file for the dict-to-csv formatter
--sort-column
SORT_COLUMN
¶specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
--limit
<LIMIT>
,
-l
<LIMIT>
¶specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)
--offset
<OFFSET>
,
-o
<OFFSET>
¶specify the page offset (default: %(default)s)
--name
<NAME>
,
-n
<NAME>
¶specify the ca name (default: %(default)s)
This command is provided by the python-barbicanclient plugin.
Store a container in Barbican.
openstack secret container create
[--name NAME]
[--type TYPE]
[--secret SECRET]
--name
<NAME>
,
-n
<NAME>
¶a human-friendly name.
--type
<TYPE>
¶type of container to create (default: %(default)s).
--secret
<SECRET>
,
-s
<SECRET>
¶one secret to store in a container (can be set multiple times). Example: –secret “private_key=https://url.test/v1/secrets/1-2-3-4”
This command is provided by the python-barbicanclient plugin.
Delete a container by providing its href.
openstack secret container delete URI
URI
¶The URI reference for the container
This command is provided by the python-barbicanclient plugin.
Retrieve a container by providing its URI.
openstack secret container get URI
URI
¶The URI reference for the container.
This command is provided by the python-barbicanclient plugin.
List containers.
openstack secret container list
[--format-config-file FORMAT_CONFIG]
[--sort-column SORT_COLUMN]
[--limit LIMIT]
[--offset OFFSET]
[--name NAME]
[--type TYPE]
--format-config-file
<FORMAT_CONFIG>
¶Config file for the dict-to-csv formatter
--sort-column
SORT_COLUMN
¶specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
--limit
<LIMIT>
,
-l
<LIMIT>
¶specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)
--offset
<OFFSET>
,
-o
<OFFSET>
¶specify the page offset (default: %(default)s)
--name
<NAME>
,
-n
<NAME>
¶specify the container name (default: %(default)s)
--type
<TYPE>
,
-t
<TYPE>
¶specify the type filter for the list (default: %(default)s).
This command is provided by the python-barbicanclient plugin.
Delete a secret by providing its URI.
openstack secret delete URI
URI
¶The URI reference for the secret
This command is provided by the python-barbicanclient plugin.
Retrieve a secret by providing its URI.
openstack secret get
[--decrypt | --payload | --file <filename>]
[--payload_content_type PAYLOAD_CONTENT_TYPE]
URI
--decrypt
,
-d
¶if specified, retrieve the unencrypted secret data.
--payload
,
-p
¶if specified, retrieve the unencrypted secret data.
--file
<filename>
,
-F
<filename>
¶if specified, save the payload to a new file with the given filename.
--payload_content_type
<PAYLOAD_CONTENT_TYPE>
,
-t
<PAYLOAD_CONTENT_TYPE>
¶the content type of the decrypted secret (default: %(default)s).
URI
¶The URI reference for the secret.
This command is provided by the python-barbicanclient plugin.
List secrets.
openstack secret list
[--format-config-file FORMAT_CONFIG]
[--sort-column SORT_COLUMN]
[--limit LIMIT]
[--offset OFFSET]
[--name NAME]
[--algorithm ALGORITHM]
[--bit-length BIT_LENGTH]
[--mode MODE]
[--secret-type SECRET_TYPE]
--format-config-file
<FORMAT_CONFIG>
¶Config file for the dict-to-csv formatter
--sort-column
SORT_COLUMN
¶specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
--limit
<LIMIT>
,
-l
<LIMIT>
¶specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)
--offset
<OFFSET>
,
-o
<OFFSET>
¶specify the page offset (default: %(default)s)
--name
<NAME>
,
-n
<NAME>
¶specify the secret name (default: %(default)s)
--algorithm
<ALGORITHM>
,
-a
<ALGORITHM>
¶the algorithm filter for the list(default: %(default)s).
--bit-length
<BIT_LENGTH>
,
-b
<BIT_LENGTH>
¶the bit length filter for the list (default: %(default)s).
--mode
<MODE>
,
-m
<MODE>
¶the algorithm mode filter for the list (default: %(default)s).
--secret-type
<SECRET_TYPE>
,
-s
<SECRET_TYPE>
¶specify the secret type (default: %(default)s).
This command is provided by the python-barbicanclient plugin.
Create a new order.
openstack secret order create
[--name NAME]
[--algorithm ALGORITHM]
[--bit-length BIT_LENGTH]
[--mode MODE]
[--payload-content-type PAYLOAD_CONTENT_TYPE]
[--expiration EXPIRATION]
[--request-type REQUEST_TYPE]
[--subject-dn SUBJECT_DN]
[--source-container-ref SOURCE_CONTAINER_REF]
[--ca-id CA_ID]
[--profile PROFILE]
[--request-file REQUEST_FILE]
type
--name
<NAME>
,
-n
<NAME>
¶a human-friendly name.
--algorithm
<ALGORITHM>
,
-a
<ALGORITHM>
¶the algorithm to be used with the requested key (default: %(default)s).
--bit-length
<BIT_LENGTH>
,
-b
<BIT_LENGTH>
¶the bit length of the requested secret key (default: %(default)s).
--mode
<MODE>
,
-m
<MODE>
¶the algorithm mode to be used with the requested key (default: %(default)s).
--payload-content-type
<PAYLOAD_CONTENT_TYPE>
,
-t
<PAYLOAD_CONTENT_TYPE>
¶the type/format of the secret to be generated (default: %(default)s).
--expiration
<EXPIRATION>
,
-x
<EXPIRATION>
¶the expiration time for the secret in ISO 8601 format.
--request-type
<REQUEST_TYPE>
¶the type of the certificate request.
--subject-dn
<SUBJECT_DN>
¶the subject of the certificate.
--source-container-ref
<SOURCE_CONTAINER_REF>
¶the source of the certificate when using stored-key requests.
--ca-id
<CA_ID>
¶the identifier of the CA to use for the certificate request.
--profile
<PROFILE>
¶the profile of certificate to use.
--request-file
<REQUEST_FILE>
¶the file containing the CSR.
type
¶the type of the order (key, asymmetric, certificate) to create.
This command is provided by the python-barbicanclient plugin.
Delete an order by providing its href.
openstack secret order delete URI
URI
¶The URI reference for the order
This command is provided by the python-barbicanclient plugin.
Retrieve an order by providing its URI.
openstack secret order get URI
URI
¶The URI reference order.
This command is provided by the python-barbicanclient plugin.
List orders.
openstack secret order list
[--format-config-file FORMAT_CONFIG]
[--sort-column SORT_COLUMN]
[--limit LIMIT]
[--offset OFFSET]
--format-config-file
<FORMAT_CONFIG>
¶Config file for the dict-to-csv formatter
--sort-column
SORT_COLUMN
¶specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
--limit
<LIMIT>
,
-l
<LIMIT>
¶specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)
--offset
<OFFSET>
,
-o
<OFFSET>
¶specify the page offset (default: %(default)s)
This command is provided by the python-barbicanclient plugin.
Store a secret in Barbican.
openstack secret store
[--name NAME]
[--secret-type SECRET_TYPE]
[--payload-content-type PAYLOAD_CONTENT_TYPE]
[--payload-content-encoding PAYLOAD_CONTENT_ENCODING]
[--algorithm ALGORITHM]
[--bit-length BIT_LENGTH]
[--mode MODE]
[--expiration EXPIRATION]
[--payload PAYLOAD | --file <filename>]
--name
<NAME>
,
-n
<NAME>
¶a human-friendly name.
--secret-type
<SECRET_TYPE>
,
-s
<SECRET_TYPE>
¶the secret type; must be one of symmetric, public, private, certificate, passphrase, opaque (default)
--payload-content-type
<PAYLOAD_CONTENT_TYPE>
,
-t
<PAYLOAD_CONTENT_TYPE>
¶the type/format of the provided secret data; “text/plain” is assumed to be UTF-8; required when –payload is supplied.
--payload-content-encoding
<PAYLOAD_CONTENT_ENCODING>
,
-e
<PAYLOAD_CONTENT_ENCODING>
¶required if –payload-content-type is “application/octet-stream”.
--algorithm
<ALGORITHM>
,
-a
<ALGORITHM>
¶the algorithm (default: %(default)s).
--bit-length
<BIT_LENGTH>
,
-b
<BIT_LENGTH>
¶the bit length (default: %(default)s).
--mode
<MODE>
,
-m
<MODE>
¶the algorithm mode; used only for reference (default: %(default)s)
--expiration
<EXPIRATION>
,
-x
<EXPIRATION>
¶the expiration time for the secret in ISO 8601 format.
--payload
<PAYLOAD>
,
-p
<PAYLOAD>
¶the unencrypted secret data.
--file
<filename>
,
-F
<filename>
¶file containing the secret payload
This command is provided by the python-barbicanclient plugin.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.