# Usage psonoci (Beta)

The basic command looks like this:

psonoci [OPTIONS] <SUBCOMMAND> [FLAGS]

# General OPTIONS

OPTIONS can either be specified in the command or with environment variables and need to be set in all subcommands (with the exception of help of course). All commands accept the following OPTIONS.

Option Description Environment Variable Required
--api-key-id api key as uuid PSONO_CI_API_KEY_ID yes
--api-secret-key-hex api secret key as 64 byte hex string PSONO_CI_API_SECRET_KEY_HEX yes
--server-url Url of the psono backend server PSONO_CI_SERVER_URL yes
--timeout Connection timeout in seconds [default: 60] PSONO_CI_TIMEOUT no

# General FLAGS

All commands accept the following FLAGS

Option Description
-h, --help Prints help information
-V, --version Prints version information

# Overview Subcommands

psonoci accepts currently the following subcommands.

Option Description
help Prints the help for a specific command.
env-vars get-or-create Get or create the value of a key for a specific environment variables secret.
env-vars update-or-create Update or create env var for a specific secret.
secret get Retrieves a specific secret, identified by its ID.
secret set Updates a specific secret, identified by its ID.
run Spawns a process and pass secrets as environment variables.
config save Saves a config to simplify other commands.

# Example

psonoci help
psonoci secret get --help

# Subcommand help

Used to print the help for a specific command. It can also be passed in as a FLAG with --help

# Example

psonoci help

# Subcommand env-vars get-or-create

Works with secrets of the environment variables data type and is used to get the value of a specific key. The command will always return the first matching key. If the key does not exist it will generate a random string and update the secret accordingly.

# Arguments:

Option Description Required
secret-id The secret's uuid, e.g. 25070c66-8950-4264-9b39-11e6d83312e3 yes
env-var-name The key to search for yes
--password-length <num_chars> The length of the password if it needs to be generated, defaults to 21 no

# Example with environment variables

export PSONO_CI_API_KEY_ID=eaee77c6-169f-4873-9be3-f2613149baa9
export PSONO_CI_API_SECRET_KEY_HEX=c8321d7a8e5b1f5ec3d969ecb5054c7548a1c709ddab2edae2ff7ff028538917
export PSONO_CI_SERVER_URL=https://example.com/server

psonoci env-vars get-or-create eeede220-3e2d-4721-b900-535d9ae34c47 DBPASSWORD

# Example without environment variables

psonoci \
    --api-key-id eaee77c6-169f-4873-9be3-f2613149baa9 \
    --api-secret-key-hex c8321d7a8e5b1f5ec3d969ecb5054c7548a1c709ddab2edae2ff7ff028538917 \
    --server-url https://example.com/server \
    env-vars get-or-create eeede220-3e2d-4721-b900-535d9ae34c47 DBPASSWORD

# Subcommand env-vars update-or-create

Works with secrets of the environment variables data type and is used to update the value of a specific key. The command will always update the first matching key with the provided value. If the key does not exist it will create it. If no value was specified it will generate a random string.

# Arguments:

Option Description Required
secret-id The secret's uuid, e.g. 25070c66-8950-4264-9b39-11e6d83312e3 yes
env-var-name The key to search for yes
env-var-value The new value no
--password-length <num_chars> The length of the password if it needs to be generated, defaults to 21 no

# Example with environment variables

export PSONO_CI_API_KEY_ID=eaee77c6-169f-4873-9be3-f2613149baa9
export PSONO_CI_API_SECRET_KEY_HEX=c8321d7a8e5b1f5ec3d969ecb5054c7548a1c709ddab2edae2ff7ff028538917
export PSONO_CI_SERVER_URL=https://example.com/server

psonoci env-vars update-or-create eeede220-3e2d-4721-b900-535d9ae34c47 DBPASSWORD mySecretPassword

# Example without environment variables

psonoci \
    --api-key-id eaee77c6-169f-4873-9be3-f2613149baa9 \
    --api-secret-key-hex c8321d7a8e5b1f5ec3d969ecb5054c7548a1c709ddab2edae2ff7ff028538917 \
    --server-url https://example.com/server \
    env-vars update-or-create eeede220-3e2d-4721-b900-535d9ae34c47 DBPASSWORD mySecretPassword

# Subcommand secret get

Used to retrieve a specific secret, identified by its ID.

# Arguments:

Option Description
secret-id The secret's uuid, e.g. 25070c66-8950-4264-9b39-11e6d83312e3
secret-value Which secret value to return (json returns all values in a json object). Possible values: json, notes, password, title, url, url_filter, username, gpg_key_email, gpg_key_name, gpg_key_private, gpg_key_public

# Example with environment variables

export PSONO_CI_API_KEY_ID=eaee77c6-169f-4873-9be3-f2613149baa9
export PSONO_CI_API_SECRET_KEY_HEX=c8321d7a8e5b1f5ec3d969ecb5054c7548a1c709ddab2edae2ff7ff028538917
export PSONO_CI_SERVER_URL=https://example.com/server

psonoci secret get 25070c66-8950-4264-9b39-11e6d83312e3 json

# Example without environment variables

psonoci \
    --api-key-id eaee77c6-169f-4873-9be3-f2613149baa9 \
    --api-secret-key-hex c8321d7a8e5b1f5ec3d969ecb5054c7548a1c709ddab2edae2ff7ff028538917 \
    --server-url https://example.com/server \
    secret get 25070c66-8950-4264-9b39-11e6d83312e3 json

# Subcommand secret set

Used to update a specific secret, identified by its ID.

# Arguments:

Option Description
secret-id The secret's uuid, e.g. 25070c66-8950-4264-9b39-11e6d83312e3
secret-value Which secret value-type to set ('json' not yet supported). Possible values: json, notes, password, title, url, url_filter, username, gpg_key_email, gpg_key_name, gpg_key_private, gpg_key_public, secret_type, env_vars
secret-new-value The new value to set for type

# Example with environment variables

export PSONO_CI_API_KEY_ID=eaee77c6-169f-4873-9be3-f2613149baa9
export PSONO_CI_API_SECRET_KEY_HEX=c8321d7a8e5b1f5ec3d969ecb5054c7548a1c709ddab2edae2ff7ff028538917
export PSONO_CI_SERVER_URL=https://example.com/server

psonoci secret set 25070c66-8950-4264-9b39-11e6d83312e3 password newPassword

# Example without environment variables

psonoci \
    --api-key-id eaee77c6-169f-4873-9be3-f2613149baa9 \
    --api-secret-key-hex c8321d7a8e5b1f5ec3d969ecb5054c7548a1c709ddab2edae2ff7ff028538917 \
    --server-url https://example.com/server \
    secret set 25070c66-8950-4264-9b39-11e6d83312e3 password newPassword

# Subcommand run

Spawns processes with environment variables from the api-keys secrets. For this to work you need create an environment variables secret

Create environment variables secret

and then grant access to the api key for the environment variable secret.

Grant access to the environment variables secret

# Arguments:

Option Description
command-values The actual to run e.g. ./some_command --timeout=10

# Example with environment variables

export PSONO_CI_API_KEY_ID=eaee77c6-169f-4873-9be3-f2613149baa9
export PSONO_CI_API_SECRET_KEY_HEX=c8321d7a8e5b1f5ec3d969ecb5054c7548a1c709ddab2edae2ff7ff028538917
export PSONO_CI_SERVER_URL=https://example.com/server

psonoci run -- ./some_command

# Example without environment variables

psonoci \
    --api-key-id eaee77c6-169f-4873-9be3-f2613149baa9 \
    --api-secret-key-hex c8321d7a8e5b1f5ec3d969ecb5054c7548a1c709ddab2edae2ff7ff028538917 \
    --server-url https://example.com/server \
    run -- ./some_command

# Subcommand config save

psonoci can generate a single config file, containing the api key id, secret and server url and later be used to simplify commands.

# Arguments:

Option Description
path Output path where to store the config e.g. /path/to/config.toml

# Example without environment variables

psonoci \
    --api-key-id eaee77c6-169f-4873-9be3-f2613149baa9 \
    --api-secret-key-hex c8321d7a8e5b1f5ec3d969ecb5054c7548a1c709ddab2edae2ff7ff028538917 \
    --server-url https://example.com/server \
    config save /path/to/config.toml

This creates /path/to/config.toml and then can later be passed in as s single parameter

psonoci -c /path/to/config.toml secret get 25070c66-8950-4264-9b39-11e6d83312e3 json

or as an environment variable

export PSONO_CI_CONFIG_PATH="/path/to/config.toml"
psonoci secret get 25070c66-8950-4264-9b39-11e6d83312e3 json