Secrets
Manage secrets
Usage: clan secrets
This subcommand provides an interface to secrets.
Examples
$ clan secrets list [regex]
Will list secrets for all managed machines. It accepts an optional regex, allowing easy filtering of returned secrets.
$ clan secrets get [SECRET]
Will display the content of the specified secret.
For more detailed information, visit: secrets
Secrets get
Usage: clan secrets get
Positional arguments
- secret <secret-name>: the name of the secret
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups
Usage: clan secrets groups
Commands
Secrets groups add-machine
Usage: clan secrets groups add-machine
Positional arguments
- group: the name of the group
- machine: the name of the machines to add
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups add-secret
Usage: clan secrets groups add-secret
Positional arguments
- group: the name of the group
- secret: the name of the secret
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups add-user
Usage: clan secrets groups add-user
Positional arguments
- group: the name of the group
- user: the name of the user to add
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups list
Usage: clan secrets groups list
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups remove-machine
Usage: clan secrets groups remove-machine
Positional arguments
- group: the name of the group
- machine: the name of the machines to remove
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups remove-secret
Usage: clan secrets groups remove-secret
Positional arguments
- group: the name of the group
- secret: the name of the secret
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets groups remove-user
Usage: clan secrets groups remove-user
Positional arguments
- group: the name of the group
- user: the name of the user to remove
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets import-sops
Usage: clan secrets import-sops
Positional arguments
- sops_file: the sops file to import (- for stdin)
Options
- --input-type: the input type of the sops file (yaml, json, ...). If not specified, it will be guessed from the file extension
- --group: the group to import the secrets to
- --machine: the machine to import the secrets to
- --user: the user to import the secrets to
- --prefix: the prefix to use for the secret names
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets key
Usage: clan secrets key
Commands
Secrets key generate
Generate an age key for the Clan. If you already have an age or PGP key, use it to create your user instead; see 'clan secrets users add --help'.
Usage: clan secrets key generate
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets key show
Usage: clan secrets key show
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets key update
Usage: clan secrets key update
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets list
Usage: clan secrets list
Positional arguments
- pattern: a pattern to filter the secrets. All secrets containing the pattern will be listed.
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets machines
Usage: clan secrets machines
Commands
- add:
- add-secret:
- get:
- list:
- remove:
- remove-secret:
Secrets machines add
Usage: clan secrets machines add
Positional arguments
- machine: the name of the machine
- key: public or private age key of the machine
Options
- -f, --force: overwrite existing machine
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets machines add-secret
Usage: clan secrets machines add-secret
Positional arguments
- machine: the name of the machine
- secret: the name of the secret
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets machines get
Usage: clan secrets machines get
Positional arguments
- machine: the name of the machine
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets machines list
Usage: clan secrets machines list
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets machines remove
Usage: clan secrets machines remove
Positional arguments
- machine: the name of the machine
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets machines remove-secret
Usage: clan secrets machines remove-secret
Positional arguments
- machine: the name of the machine
- secret: the name of the secret
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets remove
Usage: clan secrets remove
Positional arguments
- secret <secret-name>: the name of the secret
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets rename
Usage: clan secrets rename
Positional arguments
- secret <secret-name>: the name of the secret
- new_name: the new name of the secret
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets set
Usage: clan secrets set
Positional arguments
- secret <secret-name>: the name of the secret
Options
- --group: the group to import the secrets to (can be repeated)
- --machine: the machine to import the secrets to (can be repeated)
- --user: the user to import the secrets to (can be repeated)
- -e, --edit: edit the secret with $EDITOR instead of pasting it
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets users
Usage: clan secrets users
Commands
- add:
- add-secret:
- get:
- list:
- remove:
- remove-secret:
Secrets users add
Usage: clan secrets users add
Positional arguments
- user: the name of the user
- agekey: public or private age key of the user. Execute 'clan secrets key --help' on how to retrieve a key. To fetch an age key from an SSH host key: ssh-keyscan | nix shell nixpkgs#ssh-to-age -c ssh-to-age
Options
- -f, --force: overwrite existing user
- --age-key: public or private age key of the user. Execute 'clan secrets key --help' on how to retrieve a key. To fetch an age key from an SSH host key: ssh-keyscan | nix shell nixpkgs#ssh-to-age -c ssh-to-age
- --pgp-key: public PGP encryption key of the user. Execute gpg -k --fingerprint --fingerprint and remove spaces to get it.
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets users add-secret
Usage: clan secrets users add-secret
Positional arguments
- user: the name of the user
- secret: the name of the secret
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets users get
Usage: clan secrets users get
Positional arguments
- user: the name of the user
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets users list
Usage: clan secrets users list
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets users remove
Usage: clan secrets users remove
Positional arguments
- user: the name of the user
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable
Secrets users remove-secret
Usage: clan secrets users remove-secret
Positional arguments
- user: the name of the user
- secret: the name of the secret
Options
- --debug: Enable debug logging
- --option <('name', 'value')>: Nix option to set
- --flake <PATH>: path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable