LinuxCommandLibrary

secrethub

Manage secrets securely using SecretHub

TLDR

Print a secret to stdout
$ secrethub read [path/to/secret]

Generate a random value and store it as a new or updated secret
$ secrethub generate [path/to/secret]

Store a value from the clipboard as a new or updated secret
$ secrethub write --clip [path/to/secret]

Store a value supplied on stdin as a new or updated secret
$ echo "[secret_value]" | secrethub write [path/to/secret]

Audit a repository or secret
$ secrethub audit [path/to/repo_or_secret]

SYNOPSIS

secrethub [global options] [command options]

PARAMETERS

--help
    Show help for a command.

--version
    Show the version of the SecretHub CLI.

init
    Initialize SecretHub.

read
    Read the value of a secret at the specified path.

write
    Write a new value to the secret at the specified path.

mkdir
    Create a directory at the specified path.

repo:create /
    Create a repository within a namespace.

DESCRIPTION

The secrethub command-line interface (CLI) provides a secure and convenient way to manage and access secrets within your applications. It allows you to store sensitive data like API keys, passwords, and configuration settings in a centralized, encrypted vault, and then inject them into your applications at runtime without exposing them directly in your codebase or configuration files.

SecretHub uses end-to-end encryption to protect your secrets from unauthorized access. Only authorized users and applications can decrypt and use the secrets.

With SecretHub, you can improve your application's security posture, simplify secret management, and prevent accidental exposure of sensitive information.

CAVEATS

SecretHub requires an account and proper setup before it can be used. Network connectivity is necessary for accessing and managing secrets stored in the SecretHub vault.

SECRET PATH SYNTAX

Secret paths are hierarchical and resemble file system paths. They are used to organize and locate secrets within the SecretHub vault. For example, `org/my-app/database/password` represents a secret named `password` located within the `database` directory of the `my-app` repository in the `org` namespace.

AUTHENTICATION

SecretHub uses cryptographic keys for authentication. Users generate a key pair: the public key is uploaded to SecretHub, and the private key is used to authenticate the user's commands. This allows for secure access to secrets.

INTEGRATION

The SecretHub CLI can be integrated into CI/CD pipelines, application startup scripts, and other automation workflows to automatically inject secrets into the environment at runtime.
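
An added example, not code from this page or from the SecretHub project: a POSIX shell wrapper for a startup script that uses the `secrethub read` command shown in the TLDR to place secrets in the environment of a single child process. The function name `run_with_secrets` and its `VAR=path` argument convention are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not SecretHub's own code). run_with_secrets and the
# VAR=path convention are hypothetical names chosen for this illustration.
#
# Usage: run_with_secrets VAR=path/to/secret [VAR=path ...] -- command [args]
#
# The function body is a subshell "( ... )", so exported secrets exist only
# in that subshell and in the command it execs, never in the calling shell.
run_with_secrets() (
    while [ "$#" -gt 0 ] && [ "$1" != "--" ]; do
        case $1 in
            *=*) ;;
            *) echo "run_with_secrets: expected VAR=path, got '$1'" >&2; exit 2 ;;
        esac
        name=${1%%=*}
        path=${1#*=}
        # Accept only valid shell variable names.
        case $name in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "run_with_secrets: invalid variable name '$name'" >&2; exit 2 ;;
        esac
        # Fail closed: if the read fails, do not start the command
        # with an empty or stale credential.
        value=$(secrethub read "$path") || {
            echo "run_with_secrets: cannot read '$path'" >&2; exit 1
        }
        export "$name=$value"
        shift
    done
    [ "${1:-}" = "--" ] || { echo "run_with_secrets: missing '--' before command" >&2; exit 2; }
    shift
    [ "$#" -gt 0 ] || { echo "run_with_secrets: no command given" >&2; exit 2; }
    # Replace the subshell with the target command; the secret values are
    # never written to disk or passed on a command line.
    exec "$@"
)
```

Values injected this way are inherited by the child process and anything it spawns, so the wrapped command should be the narrowest process that needs them.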

HISTORY

SecretHub is a relatively new command-line tool developed to address the challenges of securely managing secrets in modern applications. It reflects the growing awareness of the importance of secret management in the DevOps and security communities. Its adoption is growing as more developers seek a secure and streamlined way to handle sensitive data.

SEE ALSO

gpg(1), ssh(1)
