1. fortanix/sdkms-cli@1.0.1

fortanix/sdkms-cli@1.0.1

Partner
Sections
Install and configure Fortanix SDKMS CLI tool View this orb's source at - https://github.com/fortanix/sdkms-cli-orb
Created: August 8, 2019Version Published: August 16, 2019Releases: 2
Org Usage:
< 25

Orb Quick Start Guide

Use CircleCI version 2.1 at the top of your .circleci/config.yml file.

1 version: 2.1

Add the orbs stanza below your version, invoking the orb:

1 2 orbs: sdkms-cli: fortanix/sdkms-cli@1.0.1

Use sdkms-cli elements in your existing workflows and jobs.

Opt-in to use of uncertified orbs on your organization’s Security settings page.

Usage Examples

example

# What will this example document? # Descriptions should be short, simple, and clear.

1 2 3 4 5 6 7 8 9 jobs: sdkms-cli: executor: sdkms-cli/default steps: - checkout - sdkms-cli/install orbs: sdkms-cli: ffaruqui_sandbox/sdkms-cli@0.0.1 version: 2.1

Jobs

get-secret-value

Install SDKMS CLI if needed, authenticate and get a secret value from SDKMS

Show job Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
api-endpoint
SDKMS API Endpoint
No
https://sdkms.fortanix.com
string
api-key
SDKMS API Key
Yes
-
string
secret-file
"If secret value being retrieved is huge, use this parameter to specify \" \" the file to store the secret value"
Yes
-
string
secret-name
Name of secret to retrieve.
Yes
-
string

store-secret-value

Install SDKMS CLI if needed, authenticate and store a secret value in SDKMS

Show job Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
api-endpoint
SDKMS API Endpoint
No
https://sdkms.fortanix.com
string
api-key
SDKMS API Key
Yes
-
string
secret-description
Description of secret
Yes
-
string
secret-file
"If secret value to be stored is huge, use this parameter to specify \" \" the file that contains the secret value"
Yes
-
string
secret-name
Name of secret to retrieve.
Yes
-
string
secret-value
"Secret value to store in SDKMS. This value can be plain text value."\ \" If the value is a binary data, then value should be passed as\" \" base64 encoded"
Yes
-
string

Commands

authenticate

Authenticate to SDKMS

Show command Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
api-endpoint
SDKMS API Endpoint
No
https://sdkms.fortanix.com
string
api-key
SDKMS API Key
Yes
-
string

get-secret

Get a secret value from SDKMS

Show command Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
api-endpoint
SDKMS API Endpoint
No
https://sdkms.fortanix.com
string
secret-file
"If secret value being retrieved is huge, use this parameter to specify \" \" the file to store the secret value"
Yes
-
string
secret-name
Name of secret to retrieve.
Yes
-
string

install

Install the SDKMS CLI via pip

Show command Source

logout

Terminate authentication session with SDKMS

Show command Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
api-endpoint
SDKMS API Endpoint
No
https://sdkms.fortanix.com
string

store-secret

Store a secret in SDKMS

Show command Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
api-endpoint
SDKMS API Endpoint
No
https://sdkms.fortanix.com
string
secret-description
Description of secret
Yes
-
string
secret-file
"If secret value to be stored is huge, use this parameter to specify \" \" the file that contains the secret value"
Yes
-
string
secret-name
Name of secret." " This will be used to retrieve secret value later
Yes
-
string
secret-value
"Secret value to store in SDKMS. This value can be plain text value."\ \" If the value is a binary data, then value should be passed as\" \" base64 encoded"
Yes
-
string

Executors

default

The Debian-based Docker container to use when installing SDKMS CLI

Show executor Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
python-version
-
No
'2.7'
string
release
-
No
stretch
string

Orb Source

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 # This code is licensed from CircleCI to the user under the MIT license. # See here for details: https://circleci.com/developer/orbs/licensing commands: authenticate: description: Authenticate to SDKMS parameters: api-endpoint: default: https://sdkms.fortanix.com description: SDKMS API Endpoint type: string api-key: description: SDKMS API Key type: string steps: - run: command: | sdkms-cli --api-endpoint <<parameters.api-endpoint>> app-login\ --api-key <<parameters.api-key>> name: Authenticate as an app to SDKMS get-secret: description: Get a secret value from SDKMS parameters: api-endpoint: default: https://sdkms.fortanix.com description: SDKMS API Endpoint type: string secret-file: description: | "If secret value being retrieved is huge, use this parameter to specify \" \" the file to store the secret value" type: string secret-name: description: Name of secret to retrieve. type: string steps: - run: command: | SECRET_VALUE_FILE=/tmp/sdkms_secret_file rm -f $SECRET_VALUE_FILE sdkms-cli --api-endpoint <<parameters.api-endpoint>> export-object\ --name <<parameters.secret-name>> >> $SECRET_VALUE_FILE if [ "<<parameters.secret-file>>" != "" ] then cp $SECRET_VALUE_FILE <<parameters.secret-file>> else rm -f /tmp/export_value echo "export SDKMS_SECRET_VALUE=$(cat $SECRET_VALUE_FILE)"\ >> /tmp/export_value source /tmp/export_value rm -f /tmp/export_value fi rm -rf $SECRET_VALUE_FILE name: Get a secrete value from SDKMS install: description: Install the SDKMS CLI via pip steps: - run: command: | export PIP=$(which pip pip3 | head -1) if [[ -n $PIP ]]; then if which sudo > /dev/null; then sudo $PIP install sdkms-cli --upgrade else # This installs the SDKMS CLI to ~/.local/bin. # Make sure that ~/.local/bin is in your $PATH. $PIP install sdkms-cli --upgrade --user fi else echo "Unable to install SDKMS CLI. Please install pip." exit 1 fi name: Install SDKMS CLI logout: description: Terminate authentication session with SDKMS parameters: api-endpoint: default: https://sdkms.fortanix.com description: SDKMS API Endpoint type: string steps: - run: command: | sdkms-cli --api-endpoint <<parameters.api-endpoint>> app-logout name: App logout from SDKMS store-secret: description: Store a secret in SDKMS parameters: api-endpoint: default: https://sdkms.fortanix.com description: SDKMS API Endpoint type: string secret-description: description: Description of secret type: string secret-file: description: | "If secret value to be stored is huge, use this parameter to specify \" \" the file that contains the secret value" type: string secret-name: description: Name of secret." " This will be used to retrieve secret value later type: string secret-value: description: | "Secret value to store in SDKMS. This value can be plain text value."\ \" If the value is a binary data, then value should be passed as\" \" base64 encoded" type: string steps: - run: command: | SECRET_VALUE_FILE=/tmp/sdkms_secret_file rm -f $SECRET_VALUE_FILE if [ "<<parameters.secret-value>>" == "" ] then if [ "<<parameters.secret-file>>" != "" ] then echo "Either parameter secret-value or secret-file "\ "should be specified" exit 1 else SECRET_VALUE_FILE="<<parameters.secret-file>>" fi else echo <<parameters.secret-value>> >> $SECRET_VALUE_FILE fi sdkms-cli --api-endpoint <<parameters.api-endpoint>> import-secret\ --name <<parameters.secret-name>> \ --description <<parameters.secret-description>>\ --in $SECRET_VALUE_FILE rm -rf $SECRET_VALUE_FILE name: Store a secrete value in SDKMS description: | Install and configure Fortanix SDKMS CLI tool View this orb's source at - https://github.com/fortanix/sdkms-cli-orb examples: example: description: | # What will this example document? # Descriptions should be short, simple, and clear. usage: jobs: sdkms-cli: executor: sdkms-cli/default steps: - checkout - sdkms-cli/install orbs: sdkms-cli: ffaruqui_sandbox/sdkms-cli@0.0.1 version: 2.1 executors: default: description: The Debian-based Docker container to use when installing SDKMS CLI docker: - image: circleci/python:<<parameters.python-version>>-<<parameters.release>> parameters: python-version: default: "2.7" type: string release: default: stretch type: string jobs: get-secret-value: description: | Install SDKMS CLI if needed, authenticate and get a secret value from SDKMS executor: default parameters: api-endpoint: default: https://sdkms.fortanix.com description: SDKMS API Endpoint type: string api-key: description: SDKMS API Key type: string secret-file: description: | "If secret value being retrieved is huge, use this parameter to specify \" \" the file to store the secret value" type: string secret-name: description: Name of secret to retrieve. type: string steps: - install - authenticate: api-endpoint: <<parameters.api-endpoint>> api-key: <<parameters.api-key>> - get-secret: api-endpoint: <<parameters.api-endpoint>> secret-file: <<parameters.secret-file>> secret-name: <<parameters.secret-name>> - logout: api-endpoint: <<parameters.api-endpoint>> store-secret-value: description: | Install SDKMS CLI if needed, authenticate and store a secret value in SDKMS executor: default parameters: api-endpoint: default: https://sdkms.fortanix.com description: SDKMS API Endpoint type: string api-key: description: SDKMS API Key type: string secret-description: description: Description of secret type: string secret-file: description: | "If secret value to be stored is huge, use this parameter to specify \" \" the file that contains the secret value" type: string secret-name: description: Name of secret to retrieve. type: string secret-value: description: | "Secret value to store in SDKMS. This value can be plain text value."\ \" If the value is a binary data, then value should be passed as\" \" base64 encoded" type: string steps: - install - authenticate: api-endpoint: <<parameters.api-endpoint>> api-key: <<parameters.api-key>> - store-secret: api-endpoint: <<parameters.api-endpoint>> secret-description: <<parameters.secret-description>> secret-file: <<parameters.secret-file>> secret-name: <<parameters.secret-name>> secret-value: <<parameters.secret-value>> - logout: api-endpoint: <<parameters.api-endpoint>> version: 2.1
Developer Updates
Get tips to optimize your builds
Or join our research panel and give feedback
By submitting this form, you are agreeing to ourTerms of UseandPrivacy Policy.