Custodia commands

custodia server

Custodia server

usage: custodia [-h] [--debug] [--instance INSTANCE] [configfile]

Positional Arguments

configfile Path to custodia server config (default: /etc/custodia/{instance}/custodia.conf)

Named Arguments

--debug

Debug mode

Default: False

--instance Instance name

custodia client

Custodia command line interface

usage: custodia-cli [-h] [--server SERVER | --instance INSTANCE]
                    [--uds-urlpath UDS_URLPATH] [--header HEADER] [--verbose]
                    [--debug] [--timeout TIMEOUT] [--cafile CAFILE]
                    [--certfile CERTFILE] [--keyfile KEYFILE] [--gssapi]
                    {mkdir,rmdir,ls,get,set,del,plugins} ...

Named Arguments

--server Custodia server location, supports http://, https://, or path to a unix socket.
--instance

Instance name (default: CUSTODIA_INSTANCE or ‘custodia’)

Default: custodia

--uds-urlpath

URL path for Unix Domain Socket

Default: “/secrets/”

--header Extra headers
--verbose Default: False
--debug Default: False
--timeout

Connection timeout

Default: 10.0

--cafile PEM encoded file with root CAs

TLS client cert auth

--certfile PEM encoded file with certs for TLS client authentication
--keyfile PEM encoded key file (if not given, key is read from certfile)

GSSAPI auth

--gssapi

Use Negotiate / GSSAPI auth

Default: False

Sub-commands:

mkdir

Create a container

custodia-cli mkdir [-h] name
Positional Arguments
name key

rmdir

Delete a container

custodia-cli rmdir [-h] name
Positional Arguments
name key

ls

List content of a container

custodia-cli ls [-h] name
Positional Arguments
name key

get

Get secret

custodia-cli get [-h] name
Positional Arguments
name key

set

Set secret

custodia-cli set [-h] name value
Positional Arguments
name key
value value

del

Delete a secret

custodia-cli del [-h] name
Positional Arguments
name key

plugins

List plugins

custodia-cli plugins [-h] [--verbose]
Named Arguments
--verbose

Verbose mode, show failing plugins.

Default: False