Secrets

manage secrets

Usage: clan secrets

Commands

• get:
• groups:
• import-sops:
• key:
• list:
• machines:
• remove:
• rename:
• set:
• users:

This subcommand provides an interface to secret facts.

Examples

$ clan secrets list [regex]

Will list secrets for all managed machines. It accepts an optional regex, allowing easy filtering of returned secrets.

$ clan secrets get [SECRET]

Will display the content of the specified secret.

For more detailed information, visit: https://docs.clan.lol/getting-started/secrets/

Secrets get

Usage: clan secrets get

Positional arguments

1. secret: the name of the secret

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets groups

Usage: clan secrets groups

Commands

• add-machine:
• add-secret:
• add-user:
• list:
• remove-machine:
• remove-secret:
• remove-user:

Secrets groups add-machine

Usage: clan secrets groups add-machine

Positional arguments

1. group: the name of the secret
2. machine: the name of the machines to add

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets groups add-secret

Usage: clan secrets groups add-secret

Positional arguments

1. group: the name of the secret
2. secret: the name of the secret

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets groups add-user

Usage: clan secrets groups add-user

Positional arguments

1. group: the name of the secret
2. user: the name of the user to add

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets groups list

Usage: clan secrets groups list

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets groups remove-machine

Usage: clan secrets groups remove-machine

Positional arguments

1. group: the name of the secret
2. machine: the name of the machines to remove

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets groups remove-secret

Usage: clan secrets groups remove-secret

Positional arguments

1. group: the name of the secret
2. secret: the name of the secret

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets groups remove-user

Usage: clan secrets groups remove-user

Positional arguments

1. group: the name of the secret
2. user: the name of the user to remove

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets import-sops

Usage: clan secrets import-sops

Positional arguments

1. sops_file: the sops file to import (- for stdin)

Options

• --input-type: the input type of the sops file (yaml, json, ...). If not specified, it will be guessed from the file extension
• --group: the group to import the secrets to
• --machine: the machine to import the secrets to
• --user: the user to import the secrets to
• --prefix: the prefix to use for the secret names
• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets key

Usage: clan secrets key

Commands

• generate:
• show:
• update:

Secrets key generate

Usage: clan secrets key generate

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets key show

Usage: clan secrets key show

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets key update

Usage: clan secrets key update

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets list

Usage: clan secrets list

Positional arguments

1. pattern: a pattern to filter the secrets. All secrets containing the pattern will be listed.

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets machines

Usage: clan secrets machines

Commands

• add:
• add-secret:
• get:
• list:
• remove:
• remove-secret:

Secrets machines add

Usage: clan secrets machines add

Positional arguments

1. machine: the name of the machine
2. key: public key or private key of the user

Options

• -f, --force: overwrite existing machine
• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets machines add-secret

Usage: clan secrets machines add-secret

Positional arguments

1. machine: the name of the machine
2. secret: the name of the secret

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets machines get

Usage: clan secrets machines get

Positional arguments

1. machine: the name of the machine

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets machines list

Usage: clan secrets machines list

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets machines remove

Usage: clan secrets machines remove

Positional arguments

1. machine: the name of the machine

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets machines remove-secret

Usage: clan secrets machines remove-secret

Positional arguments

1. machine: the name of the machine
2. secret: the name of the secret

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets remove

Usage: clan secrets remove

Positional arguments

1. secret: the name of the secret

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets rename

Usage: clan secrets rename

Positional arguments

1. secret: the name of the secret
2. new_name: the new name of the secret

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets set

Usage: clan secrets set

Positional arguments

1. secret: the name of the secret

Options

• --group: the group to import the secrets to (can be repeated)
• --machine: the machine to import the secrets to (can be repeated)
• --user: the user to import the secrets to (can be repeated)
• -e, --edit: edit the secret with $EDITOR instead of pasting it
• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets users

Usage: clan secrets users

Commands

• add:
• add-secret:
• get:
• list:
• remove:
• remove-secret:

Secrets users add

Usage: clan secrets users add

Positional arguments

1. user: the name of the user
2. key: public key or private key of the user.Execute 'clan secrets key --help' on how to retrieve a key.To fetch an age key from an SSH host key: ssh-keyscan | nix shell nixpkgs#ssh-to-age -c ssh-to-age

Options

• -f, --force: overwrite existing user
• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets users add-secret

Usage: clan secrets users add-secret

Positional arguments

1. user: the name of the user
2. secret: the name of the secret

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets users get

Usage: clan secrets users get

Positional arguments

1. user: the name of the user

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets users list

Usage: clan secrets users list

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets users remove

Usage: clan secrets users remove

Positional arguments

1. user: the name of the user

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Secrets users remove-secret

Usage: clan secrets users remove-secret

Positional arguments

1. user: the name of the group
2. secret: the name of the secret

Options

• --debug: Enable debug logging
• --option: <('name', 'value')> Nix option to set
• --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable