barbican

updated: 2023-03-02 10:39

barbican¶

acl delete¶

Delete ACLs for a secret or container as identified by its href.

openstack acl delete URI

URI¶: The URI reference for the secret or container.

This command is provided by the python-barbicanclient plugin.

acl get¶

Retrieve ACLs for a secret or container by providing its href.

openstack acl get
    [--format-config-file FORMAT_CONFIG]
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    URI

--format-config-file <FORMAT_CONFIG>¶: Config file for the dict-to-csv formatter

--sort-column SORT_COLUMN¶: specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending¶: sort the column(s) in ascending order

--sort-descending¶: sort the column(s) in descending order

URI¶: The URI reference for the secret or container.

This command is provided by the python-barbicanclient plugin.

acl submit¶

Submit ACL on a secret or container as identified by its href.

openstack acl submit
    [--format-config-file FORMAT_CONFIG]
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--user [USERS]]
    [--project-access | --no-project-access]
    [--operation-type {read}]
    URI

--format-config-file <FORMAT_CONFIG>¶: Config file for the dict-to-csv formatter

--sort-column SORT_COLUMN¶: specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending¶: sort the column(s) in ascending order

--sort-descending¶: sort the column(s) in descending order

--user <USERS>, -u <USERS>¶: Keystone userid(s) for ACL.

--project-access¶: Flag to enable project access behavior.

--no-project-access¶: Flag to disable project access behavior.

--operation-type <OPERATION_TYPE>, -o <OPERATION_TYPE>¶: Type of Barbican operation ACL is set for

URI¶: The URI reference for the secret or container.

This command is provided by the python-barbicanclient plugin.

acl user add¶

Add ACL users to a secret or container as identified by its href.

openstack acl user add
    [--format-config-file FORMAT_CONFIG]
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--user [USERS]]
    [--project-access | --no-project-access]
    [--operation-type {read}]
    URI

--format-config-file <FORMAT_CONFIG>¶: Config file for the dict-to-csv formatter

--sort-column SORT_COLUMN¶: specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending¶: sort the column(s) in ascending order

--sort-descending¶: sort the column(s) in descending order

--user <USERS>, -u <USERS>¶: Keystone userid(s) for ACL.

--project-access¶: Flag to enable project access behavior.

--no-project-access¶: Flag to disable project access behavior.

--operation-type <OPERATION_TYPE>, -o <OPERATION_TYPE>¶: Type of Barbican operation ACL is set for

URI¶: The URI reference for the secret or container.

This command is provided by the python-barbicanclient plugin.

acl user remove¶

Remove ACL users from a secret or container as identified by its href.

openstack acl user remove
    [--format-config-file FORMAT_CONFIG]
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--user [USERS]]
    [--project-access | --no-project-access]
    [--operation-type {read}]
    URI

--format-config-file <FORMAT_CONFIG>¶: Config file for the dict-to-csv formatter

--sort-column SORT_COLUMN¶: specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending¶: sort the column(s) in ascending order

--sort-descending¶: sort the column(s) in descending order

--user <USERS>, -u <USERS>¶: Keystone userid(s) for ACL.

--project-access¶: Flag to enable project access behavior.

--no-project-access¶: Flag to disable project access behavior.

--operation-type <OPERATION_TYPE>, -o <OPERATION_TYPE>¶: Type of Barbican operation ACL is set for

URI¶: The URI reference for the secret or container.

This command is provided by the python-barbicanclient plugin.

ca get¶

Retrieve a CA by providing its URI.

openstack ca get URI

URI¶: The URI reference for the CA.

This command is provided by the python-barbicanclient plugin.

ca list¶

List CAs.

openstack ca list
    [--format-config-file FORMAT_CONFIG]
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--limit LIMIT]
    [--offset OFFSET]
    [--name NAME]

--format-config-file <FORMAT_CONFIG>¶: Config file for the dict-to-csv formatter

--sort-column SORT_COLUMN¶: specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending¶: sort the column(s) in ascending order

--sort-descending¶: sort the column(s) in descending order

--limit <LIMIT>, -l <LIMIT>¶: specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)

--offset <OFFSET>, -o <OFFSET>¶: specify the page offset (default: %(default)s)

--name <NAME>, -n <NAME>¶: specify the ca name (default: %(default)s)

This command is provided by the python-barbicanclient plugin.

secret container create¶

Store a container in Barbican.

openstack secret container create
    [--name NAME]
    [--type TYPE]
    [--secret SECRET]

--name <NAME>, -n <NAME>¶: a human-friendly name.

--type <TYPE>¶: type of container to create (default: %(default)s).

--secret <SECRET>, -s <SECRET>¶: one secret to store in a container (can be set multiple times). Example: –secret “private_key=https://url.test/v1/secrets/1-2-3-4”

This command is provided by the python-barbicanclient plugin.

secret container delete¶

Delete a container by providing its href.

openstack secret container delete URI

URI¶: The URI reference for the container

This command is provided by the python-barbicanclient plugin.

secret container get¶

Retrieve a container by providing its URI.

openstack secret container get URI

URI¶: The URI reference for the container.

This command is provided by the python-barbicanclient plugin.

secret container list¶

List containers.

openstack secret container list
    [--format-config-file FORMAT_CONFIG]
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--limit LIMIT]
    [--offset OFFSET]
    [--name NAME]
    [--type TYPE]

--format-config-file <FORMAT_CONFIG>¶: Config file for the dict-to-csv formatter

--sort-column SORT_COLUMN¶: specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending¶: sort the column(s) in ascending order

--sort-descending¶: sort the column(s) in descending order

--limit <LIMIT>, -l <LIMIT>¶: specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)

--offset <OFFSET>, -o <OFFSET>¶: specify the page offset (default: %(default)s)

--name <NAME>, -n <NAME>¶: specify the container name (default: %(default)s)

--type <TYPE>, -t <TYPE>¶: specify the type filter for the list (default: %(default)s).

This command is provided by the python-barbicanclient plugin.

secret delete¶

Delete a secret by providing its URI.

openstack secret delete URI

URI¶: The URI reference for the secret

This command is provided by the python-barbicanclient plugin.

secret get¶

Retrieve a secret by providing its URI.

openstack secret get
    [--decrypt | --payload | --file <filename>]
    [--payload_content_type PAYLOAD_CONTENT_TYPE]
    URI

--decrypt, -d¶: if specified, retrieve the unencrypted secret data.

--payload, -p¶: if specified, retrieve the unencrypted secret data.

--file <filename>, -F <filename>¶: if specified, save the payload to a new file with the given filename.

--payload_content_type <PAYLOAD_CONTENT_TYPE>, -t <PAYLOAD_CONTENT_TYPE>¶: the content type of the decrypted secret (default: %(default)s).

URI¶: The URI reference for the secret.

This command is provided by the python-barbicanclient plugin.

secret list¶

List secrets.

openstack secret list
    [--format-config-file FORMAT_CONFIG]
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--limit LIMIT]
    [--offset OFFSET]
    [--name NAME]
    [--algorithm ALGORITHM]
    [--bit-length BIT_LENGTH]
    [--mode MODE]
    [--secret-type SECRET_TYPE]

--format-config-file <FORMAT_CONFIG>¶: Config file for the dict-to-csv formatter

--sort-column SORT_COLUMN¶: specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending¶: sort the column(s) in ascending order

--sort-descending¶: sort the column(s) in descending order

--limit <LIMIT>, -l <LIMIT>¶: specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)

--offset <OFFSET>, -o <OFFSET>¶: specify the page offset (default: %(default)s)

--name <NAME>, -n <NAME>¶: specify the secret name (default: %(default)s)

--algorithm <ALGORITHM>, -a <ALGORITHM>¶: the algorithm filter for the list(default: %(default)s).

--bit-length <BIT_LENGTH>, -b <BIT_LENGTH>¶: the bit length filter for the list (default: %(default)s).

--mode <MODE>, -m <MODE>¶: the algorithm mode filter for the list (default: %(default)s).

--secret-type <SECRET_TYPE>, -s <SECRET_TYPE>¶: specify the secret type (default: %(default)s).

This command is provided by the python-barbicanclient plugin.

secret order create¶

Create a new order.

openstack secret order create
    [--name NAME]
    [--algorithm ALGORITHM]
    [--bit-length BIT_LENGTH]
    [--mode MODE]
    [--payload-content-type PAYLOAD_CONTENT_TYPE]
    [--expiration EXPIRATION]
    [--request-type REQUEST_TYPE]
    [--subject-dn SUBJECT_DN]
    [--source-container-ref SOURCE_CONTAINER_REF]
    [--ca-id CA_ID]
    [--profile PROFILE]
    [--request-file REQUEST_FILE]
    type

--name <NAME>, -n <NAME>¶: a human-friendly name.

--algorithm <ALGORITHM>, -a <ALGORITHM>¶: the algorithm to be used with the requested key (default: %(default)s).

--bit-length <BIT_LENGTH>, -b <BIT_LENGTH>¶: the bit length of the requested secret key (default: %(default)s).

--mode <MODE>, -m <MODE>¶: the algorithm mode to be used with the requested key (default: %(default)s).

--payload-content-type <PAYLOAD_CONTENT_TYPE>, -t <PAYLOAD_CONTENT_TYPE>¶: the type/format of the secret to be generated (default: %(default)s).

--expiration <EXPIRATION>, -x <EXPIRATION>¶: the expiration time for the secret in ISO 8601 format.

--request-type <REQUEST_TYPE>¶: the type of the certificate request.

--subject-dn <SUBJECT_DN>¶: the subject of the certificate.

--source-container-ref <SOURCE_CONTAINER_REF>¶: the source of the certificate when using stored-key requests.

--ca-id <CA_ID>¶: the identifier of the CA to use for the certificate request.

--profile <PROFILE>¶: the profile of certificate to use.

--request-file <REQUEST_FILE>¶: the file containing the CSR.

type¶: the type of the order (key, asymmetric, certificate) to create.

This command is provided by the python-barbicanclient plugin.

secret order delete¶

Delete an order by providing its href.

openstack secret order delete URI

URI¶: The URI reference for the order

This command is provided by the python-barbicanclient plugin.

secret order get¶

Retrieve an order by providing its URI.

openstack secret order get URI

URI¶: The URI reference order.

This command is provided by the python-barbicanclient plugin.

secret order list¶

List orders.

openstack secret order list
    [--format-config-file FORMAT_CONFIG]
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--limit LIMIT]
    [--offset OFFSET]

--format-config-file <FORMAT_CONFIG>¶: Config file for the dict-to-csv formatter

--sort-column SORT_COLUMN¶: specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending¶: sort the column(s) in ascending order

--sort-descending¶: sort the column(s) in descending order

--limit <LIMIT>, -l <LIMIT>¶: specify the limit to the number of items to list per page (default: %(default)s; maximum: 100)

--offset <OFFSET>, -o <OFFSET>¶: specify the page offset (default: %(default)s)

This command is provided by the python-barbicanclient plugin.

secret store¶

Store a secret in Barbican.

openstack secret store
    [--name NAME]
    [--secret-type SECRET_TYPE]
    [--payload-content-type PAYLOAD_CONTENT_TYPE]
    [--payload-content-encoding PAYLOAD_CONTENT_ENCODING]
    [--algorithm ALGORITHM]
    [--bit-length BIT_LENGTH]
    [--mode MODE]
    [--expiration EXPIRATION]
    [--payload PAYLOAD | --file <filename>]

--name <NAME>, -n <NAME>¶: a human-friendly name.

--secret-type <SECRET_TYPE>, -s <SECRET_TYPE>¶: the secret type; must be one of symmetric, public, private, certificate, passphrase, opaque (default)

--payload-content-type <PAYLOAD_CONTENT_TYPE>, -t <PAYLOAD_CONTENT_TYPE>¶: the type/format of the provided secret data; “text/plain” is assumed to be UTF-8; required when –payload is supplied.

--payload-content-encoding <PAYLOAD_CONTENT_ENCODING>, -e <PAYLOAD_CONTENT_ENCODING>¶: required if –payload-content-type is “application/octet-stream”.

--algorithm <ALGORITHM>, -a <ALGORITHM>¶: the algorithm (default: %(default)s).

--bit-length <BIT_LENGTH>, -b <BIT_LENGTH>¶: the bit length (default: %(default)s).

--mode <MODE>, -m <MODE>¶: the algorithm mode; used only for reference (default: %(default)s)

--expiration <EXPIRATION>, -x <EXPIRATION>¶: the expiration time for the secret in ISO 8601 format.

--payload <PAYLOAD>, -p <PAYLOAD>¶: the unencrypted secret data.

--file <filename>, -F <filename>¶: file containing the secret payload

This command is provided by the python-barbicanclient plugin.

secret update¶

Update a secret with no payload in Barbican.

openstack secret update URI payload

URI¶: The URI reference for the secret.

payload¶: the unencrypted secret

This command is provided by the python-barbicanclient plugin.

updated: 2023-03-02 10:39

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

barbican

barbican¶

acl delete¶

acl get¶

acl submit¶

acl user add¶

acl user remove¶

ca get¶

ca list¶

secret container create¶

secret container delete¶

secret container get¶

secret container list¶

secret delete¶

secret get¶

secret list¶

secret order create¶

secret order delete¶

secret order get¶

secret order list¶

secret store¶

secret update¶

python-openstackclient

Page Contents