Secrets
Manage secrets
Usage: clan secrets
This subcommand provides an interface to secrets.
Examples
$ clan secrets list [regex]
Will list secrets for all managed machines. It accepts an optional regex, allowing easy filtering of returned secrets.
$ clan secrets get [SECRET]
Will display the content of the specified secret.
For more detailed information, visit: secrets
Secrets get
Usage: clan secrets get
Positional arguments
- secret: <secret-name> the name of the secret
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups
Usage: clan secrets groups
Commands
Secrets groups add-machine
Usage: clan secrets groups add-machine
Positional arguments
- group: the name of the group
- machine: the name of the machine to add
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups add-secret
Usage: clan secrets groups add-secret
Positional arguments
- group: the name of the group
- secret: the name of the secret
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups add-user
Usage: clan secrets groups add-user
Positional arguments
- group: the name of the group
- user: the name of the user to add
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups list
Usage: clan secrets groups list
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups remove-machine
Usage: clan secrets groups remove-machine
Positional arguments
- group: the name of the group
- machine: the name of the machine to remove
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups remove-secret
Usage: clan secrets groups remove-secret
Positional arguments
- group: the name of the group
- secret: the name of the secret
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups remove-user
Usage: clan secrets groups remove-user
Positional arguments
- group: the name of the group
- user: the name of the user to remove
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets import-sops
Usage: clan secrets import-sops
Positional arguments
- sops_file: the sops file to import (- for stdin)
Options
- --input-type: the input type of the sops file (yaml, json, ...). If not specified, it will be guessed from the file extension
- --group: the group to import the secrets to
- --machine: the machine to import the secrets to
- --user: the user to import the secrets to
- --prefix: the prefix to use for the secret names
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets key
Usage: clan secrets key
Commands
Secrets key generate
Generate an age key for the Clan. To use PGP, set SOPS_PGP_FP in your environment.
Usage: clan secrets key generate
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets key show
Usage: clan secrets key show
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets key update
Usage: clan secrets key update
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets list
Usage: clan secrets list
Positional arguments
- pattern: a pattern to filter the secrets. All secrets containing the pattern will be listed.
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets machines
Usage: clan secrets machines
Commands
- add:
- add-secret:
- get:
- list:
- remove:
- remove-secret:
Secrets machines add
Usage: clan secrets machines add
Positional arguments
- machine: the name of the machine
- key: public or private age key of the machine
Options
- -f, --force: overwrite existing machine
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets machines add-secret
Usage: clan secrets machines add-secret
Positional arguments
- machine: the name of the machine
- secret: the name of the secret
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets machines get
Usage: clan secrets machines get
Positional arguments
- machine: the name of the machine
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets machines list
Usage: clan secrets machines list
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets machines remove
Usage: clan secrets machines remove
Positional arguments
- machine: the name of the machine
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets machines remove-secret
Usage: clan secrets machines remove-secret
Positional arguments
- machine: the name of the machine
- secret: the name of the secret
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets remove
Usage: clan secrets remove
Positional arguments
- secret: <secret-name> the name of the secret
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets rename
Usage: clan secrets rename
Positional arguments
- secret: <secret-name> the name of the secret
- new_name: the new name of the secret
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets set
Usage: clan secrets set
Positional arguments
- secret: <secret-name> the name of the secret
Options
- --group: the group to import the secrets to (can be repeated)
- --machine: the machine to import the secrets to (can be repeated)
- --user: the user to import the secrets to (can be repeated)
- -e, --edit: edit the secret with $EDITOR instead of pasting it
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets users
Usage: clan secrets users
Commands
- add:
- add-secret:
- get:
- list:
- remove:
- remove-secret:
Secrets users add
Usage: clan secrets users add
Positional arguments
- user: the name of the user
- agekey: public or private age key of the user. Execute 'clan secrets key --help' on how to retrieve a key. To fetch an age key from an SSH host key: ssh-keyscan <host> | nix shell nixpkgs#ssh-to-age -c ssh-to-age
Options
- -f, --force: overwrite existing user
- --age-key: public or private age key of the user. Execute 'clan secrets key --help' on how to retrieve a key. To fetch an age key from an SSH host key: ssh-keyscan <host> | nix shell nixpkgs#ssh-to-age -c ssh-to-age
- --pgp-key: public PGP encryption key of the user. Execute gpg -k --fingerprint --fingerprint and remove spaces to get it.
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets users add-secret
Usage: clan secrets users add-secret
Positional arguments
- user: the name of the user
- secret: the name of the secret
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets users get
Usage: clan secrets users get
Positional arguments
- user: the name of the user
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets users list
Usage: clan secrets users list
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets users remove
Usage: clan secrets users remove
Positional arguments
- user: the name of the user
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets users remove-secret
Usage: clan secrets users remove-secret
Positional arguments
- user: the name of the user
- secret: the name of the secret
Options
- --debug: Enable debug logging
- --option: <('name', 'value')> Nix option to set
- --flake: <PATH> path to the flake where the clan resides, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable