A command line tool for managing secrets in Azure KeyVault or Azure DevOps Variable Groups.
Published: Jul 18, 2024

Install:

```
$ dotnet add package DNV.SecretsManager.ConsoleApp
```

The DNV.SecretsManager package is a command line tool for managing secrets in Azure Key Vault or Azure DevOps Variable Groups.
This tool allows secrets to be downloaded and uploaded as structured JSON files, meaning secrets may be uploaded in structured collections where previously they might have been maintained individually.
Given a collection of secrets in an Azure Key Vault, for example:

| Name | Type | Status | Expiration date |
|---|---|---|---|
| Account--BaseUrl | text/plain | Enabled | |
| Company--ApiKey | text/plain | Enabled | |
| Company--Authority | text/plain | Enabled | |
| Company--ClientId | text/plain | Enabled | |
| Company--ClientSecret | text/plain | Enabled | |
| Emailer--BaseUri | text/plain | Enabled | |
| Emailer--FunctionKey | text/plain | Enabled | |
The secrets manager tool could be executed with a command:
```
secretsmanager keyvault -d -s <keyvault-url> -f output-file.json
```
The resulting output-file.json would look like:
```json
{
  "Account": {
    "BaseUrl": <secret value>
  },
  "Company": {
    "ApiKey": <secret value>,
    "Authority": <secret value>,
    "BaseUrl": <secret value>,
    "ClientId": <secret value>,
    "ClientSecret": <secret value>
  },
  "Emailer": {
    "BaseUri": <secret value>,
    "FunctionKey": <secret value>
  }
}
```
Conversely, an input JSON file (input-file.json) can be uploaded to an Azure Key Vault with the command:

```
secretsmanager keyvault -u -s <keyvault-url> -f input-file.json
```
The secrets manager assumes a naming convention in which the parent-child relationship between entities in a hierarchy is expressed with a `--` delimiter.

In practice this means: to express that Company is the parent of ApiKey, the secret is named Company--ApiKey. When a parent has several children, they are aggregated under a single parent object, as seen in the result above for the keys Company--ApiKey, Company--Authority, Company--BaseUrl and so on. Parent-child relationships may be nested to far greater depth than in this example.
It is also possible to include arrays of data in your configuration.
```json
{
  "Names": [
    <secret value>,
    <secret value>,
    <secret value>
  ]
}
```
Uploading this would result in a set of secrets with indexes included in their keys:
| Name | Type | Status | Expiration date |
|---|---|---|---|
| Names--0 | text/plain | Enabled | |
| Names--1 | text/plain | Enabled | |
| Names--2 | text/plain | Enabled | |
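To make the `--` convention and the array indexing concrete, the following is an added Python example (not part of the tool, which is itself .NET) that flattens a JSON document into Key Vault-style secret names and rebuilds the document from them. It rejects key segments that are empty or themselves contain `--`, since those would split ambiguously on the way back; the sample values are constructed placeholders.

```python
DELIM = "--"  # the tool's parent--child separator

def flatten(obj, prefix=""):
    """Flatten nested dicts/lists into {secret-name: value}, joining path segments with '--'."""
    if isinstance(obj, dict):
        items = list(obj.items())
    elif isinstance(obj, list):
        items = [(str(i), v) for i, v in enumerate(obj)]  # arrays become Names--0, Names--1, ...
    elif prefix:
        return {prefix: obj}  # scalar leaf: the secret value
    else:
        raise ValueError("top-level document must be an object or array")
    flat = {}
    for key, value in items:
        # A segment that is empty or itself contains '--' would split ambiguously on the way back.
        if not key or DELIM in key:
            raise ValueError(f"invalid key segment {key!r}")
        flat.update(flatten(value, f"{prefix}{DELIM}{key}" if prefix else key))
    return flat

def unflatten(flat):
    """Rebuild the nested document from flat names; children named 0..n-1 become a list."""
    tree = {}
    for name, value in flat.items():
        *parents, leaf = name.split(DELIM)
        node = tree
        for part in parents:
            node = node.setdefault(part, {})
            if not isinstance(node, dict):
                raise ValueError(f"{name!r} conflicts with a scalar secret on its path")
        if isinstance(node.get(leaf), dict):
            raise ValueError(f"{name!r} conflicts with nested secrets under it")
        node[leaf] = value
    return _listify(tree)

def _listify(node):
    """Convert dicts whose keys are exactly 0..n-1 (as written by flatten) back into lists."""
    if not isinstance(node, dict):
        return node
    node = {k: _listify(v) for k, v in node.items()}
    if node and all(k.isdigit() for k in node) and sorted(map(int, node)) == list(range(len(node))):
        return [node[str(i)] for i in range(len(node))]
    return node

# Constructed sample mirroring the README's names; the values are placeholders, not real secrets.
SAMPLE = {
    "Account": {"BaseUrl": "https://account.example.invalid"},
    "Company": {"ApiKey": "placeholder-api-key", "ClientId": "placeholder-client-id"},
    "Names": ["alice", "bob", "carol"],
}
```

Running `unflatten(flatten(doc)) == doc` on a file before uploading it is a cheap way to confirm that its key names survive the round trip.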
```
secretsmanager <command> [<args>]
```

Commands:

- `keyvault`: Download or upload secrets from/to Azure Key Vault
- `variablegroup`: Download or upload secrets from/to an Azure DevOps Variable Group
```
secretsmanager keyvault [-h | --help]
                        -d | --download | -u | --upload | -c | --clear
                        -s | --url <url>
                        -f | --filename <filename>
```

- `-h | --help`: Prints the synopsis of commands and options available.
- `-d | --download`: Requests the secrets to be downloaded from the specified source to a JSON file.
- `-u | --upload`: Requests that a provided JSON file be uploaded to the specified source.
- `-c | --clear`: Deletes all secrets from the specified source.
- `-s | --url <url>`: Provide the URL of the key vault.
- `-f | --filename <filename>`: Specify the file to download to or upload from.
```
secretsmanager variablegroup [-h | --help]
                             -d | --download | -u | --upload | -c | --clear
                             -s | --base-url <base-url>
                             -o | --organization <organization>
                             -p | --pat <pat>
                             -g | --group-id <group-id>
                             -f | --filename <filename>
```

- `-h | --help`: Prints the synopsis of commands and options available.
- `-d | --download`: Requests the secrets to be downloaded from the specified source to a JSON file.
- `-u | --upload`: Requests that a provided JSON file be uploaded to the specified source.
- `-c | --clear`: Deletes all secrets from the specified source.
- `-s | --base-url <base-url>`: Provide the base URL of the Azure DevOps instance.
- `-o | --organization <organization>`: Provide the Azure DevOps organization to which the variable group belongs.
- `-p | --pat <pat>`: Specify the Personal Access Token used for authentication.
- `-g | --group-id <group-id>`: Specify the id of the variable group to download from or upload to.
- `-f | --filename <filename>`: Specify the file to download to or upload from.