Skip to main content
Manage secrets For a detailed overview, please visit the secret’s reference page.
cpln secret [SUBCOMMAND]
Commands:
  cpln secret access-report <ref>     Show the access report for the referenced secret
  cpln secret audit [ref]             Retrieve audit trail events for the referenced secret
  cpln secret clone <ref>             Create a clone of the referenced secret  [aliases: copy]
  cpln secret create-aws              Create a new AWS secret
  cpln secret create-azure-connector  Create a new Azure Connector secret
  cpln secret create-azure-sdk        Create a new Azure SDK secret
  cpln secret create-dictionary       Create a new dictionary secret  [aliases: create-dict]
  cpln secret create-docker           Create a new Docker secret
  cpln secret create-ecr              Create a new ECR secret
  cpln secret create-gcp              Create a new GCP secret
  cpln secret create-keypair          Create a new KeyPair secret
  cpln secret create-nats             Create a new nats account secret
  cpln secret create-opaque           Create a new opaque secret
  cpln secret create-tls              Create a new TLS secret
  cpln secret create-userpass         Create a new Username/Password secret
  cpln secret delete <ref...>         Delete one or more referenced secrets
  cpln secret edit <ref>              Edit the referenced secret, as YAML, within an editor
  cpln secret eventlog <ref>          Show the event log of the referenced secret  [aliases: log]
  cpln secret get [ref...]            Retrieve one or more referenced secrets
  cpln secret patch <ref>             Update the referenced secret's metadata using an input file
  cpln secret permissions             Show the grantable permissions for a secret object type
  cpln secret query                   Find all the secrets based on the given query
  cpln secret reveal [ref]            Show the secret in plaintext
  cpln secret tag <ref...>            Manage the tags belonging to one or more referenced secrets
  cpln secret update <ref>            Update properties of the referenced secret

Options:
  --help  Show help  [boolean]

secret access-report

Show the access report for the referenced secret Usage
cpln secret access-report <ref> [OPTIONS]
Positionals:
  ref  The resource reference. Usually it is the name of the resource.  [required]

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference
cpln secret access-report demo-secret --org demo-cpln-organization
+-----------+--------------------------------------------------------+--------+
|PERMISSION |PRINCIPAL                                               |GRANTED |
|-----------|--------------------------------------------------------|--------|
|create     |/org/demo-cpln-organization/group/superusers            |manage  |
|create     |/org/demo-cpln-organization/serviceaccount/controlplane |manage  |
|delete     |/org/demo-cpln-organization/group/superusers            |manage  |
|delete     |/org/demo-cpln-organization/serviceaccount/controlplane |manage  |
|edit       |/org/demo-cpln-organization/group/superusers            |manage  |
|edit       |/org/demo-cpln-organization/serviceaccount/controlplane |manage  |
|manage     |/org/demo-cpln-organization/group/superusers            |manage  |
|manage     |/org/demo-cpln-organization/serviceaccount/controlplane |manage  |
|reveal     |/org/demo-cpln-organization/group/superusers            |manage  |
|reveal     |/org/demo-cpln-organization/serviceaccount/controlplane |manage  |
|use        |/org/demo-cpln-organization/group/superusers            |manage  |
|use        |/org/demo-cpln-organization/serviceaccount/controlplane |manage  |
|view       |/org/demo-cpln-organization/group/viewers               |view    |
|view       |/org/demo-cpln-organization/group/superusers            |manage  |
|view       |/org/demo-cpln-organization/serviceaccount/controlplane |manage  |
+-----------+--------------------------------------------------------+--------+

secret audit

Retrieve audit trail events for the referenced secret Usage
cpln secret audit [ref] [OPTIONS]
Positionals:
  ref  The resource reference. Usually it is the name of the resource.

Command options:
  --subject  Filter by subject (serviceaccount name or user email)  [string]
  --context  Audit context name (the 'cpln' context displays Control Plane actions)  [string] [default: "cpln"]
  --since    Relative lookback window from now (e.g., 1h, 24h, 7d). Mutually exclusive with --from/--to  [string] [default: "7d"]
  --from     Start time for audit events (ISO 8601 format or relative duration, e.g., 2025-10-23T07:00:00Z, 7d, 1h). Cannot be used with --since  [string]
  --to       End time for audit events (ISO 8601 format or relative duration, e.g., 2025-10-23T07:00:00Z, 1d, 30m)  [string]

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference

secret clone

Create a clone of the referenced secret Usage
cpln secret clone <ref> --name CLONE_NAME [OPTIONS]
Positionals:
  ref  The resource reference. Usually it is the name of the resource.  [required]

Command options:
  --name         Set the name for the clone  [required]
  --description  Optional description, defaults to the name if not set
  --tag          Attach tags (e.g., --tag drink=water)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference
cpln secret clone demo-secret --name demo-secret-clone --org demo-cpln-organization
+------------------+---------------------+---------+--------+--------------+
|NAME              |DESCRIPTION          |TYPE     |CREATED |TAGS          |
|------------------|---------------------|---------|--------|--------------|
|demo-secret-clone |Clone of demo-secret |userpass |Now     |drink="water" |
+------------------+---------------------+---------+--------+--------------+

secret create-aws

Create a new AWS secret Usage
cpln secret create-aws --name SECRET_NAME --access-key AWS_ACCESS_KEY --secret-key AWS_SECRET_KEY [OPTIONS]
Command options:
  --name                 Name of the secret  [required]
  --description, --desc  Optional description, defaults to the name if not set
  --access-key           AWS access key  [required]
  --secret-key           AWS secret key  [required]
  --role-arn             AWS role. Optional: Only if using "assumeRole"
  --external-id          AWS IAM Role External Id
  --tag                  Attach tags (e.g., --tag drink=water)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference

secret create-azure-connector

Create a new Azure Connector secret Usage
cpln secret create-azure-connector --name SECRET_NAME --url DEPLOYMENT_URL --code FUNCTION_APP_CODE [OPTIONS]
Command options:
  --name                 Name of the secret  [required]
  --description, --desc  Optional description, defaults to the name if not set
  --url                  URL of the azure connector function  [required]
  --code                 Code of the azure connector function  [required]
  --tag                  Attach tags (e.g., --tag drink=water)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference

secret create-azure-sdk

Create a new Azure SDK secret Usage
cpln secret create-azure-sdk --name SECRET_NAME [OPTIONS]
Command options:
  --name                 Name of the secret  [required]
  --description, --desc  Optional description, defaults to the name if not set
  --file, -f             Load the secret from a file. The file is usually created using the command `az ad sp create-for-rbac`  [required]
  --tag                  Attach tags (e.g., --tag drink=water)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference

secret create-dictionary

Create a new dictionary secret Usage
cpln secret create-dictionary --name SECRET_NAME --entry KEY=VALUE [OPTIONS]
Command options:
  --name                 Name of the secret  [required]
  --description, --desc  Optional description, defaults to the name if not set
  --entry                Add an entry to the dictionary. Use the syntax: `key=value`  [required]
  --tag                  Attach tags (e.g., --tag drink=water)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference

secret create-docker

Create a new Docker secret Usage
cpln secret create-docker --name SECRET_NAME --file FILE_NAME
Command options:
  --name                 Name of the secret  [required]
  --description, --desc  Optional description, defaults to the name if not set
  --file, -f             Load the docker config from a file (e.g., ~/.docker/config.json)  [required]
  --tag                  Attach tags (e.g., --tag drink=water)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference

secret create-ecr

Create a new ECR secret Usage
cpln secret create-ecr --name SECRET_NAME --access-key AWS_ACCESS_KEY --repo ECR_REPO [OPTIONS]
Command options:
  --name                 Name of the secret  [required]
  --description, --desc  Optional description, defaults to the name if not set
  --access-key           AWS access key  [required]
  --secret-key           AWS secret key  [required]
  --role-arn             AWS role. Optional: Only if using "assumeRole"
  --repo                 ECR repository URI (e.g., AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/REPO_NAME)  [required]
  --external-id          AWS IAM Role External Id
  --tag                  Attach tags (e.g., --tag drink=water)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference

secret create-gcp

Create a new GCP secret Usage
cpln secret create-gcp --name SECRET_NAME --file FILE_NAME [OPTIONS]
Command options:
  --name                 Name of the secret  [required]
  --description, --desc  Optional description, defaults to the name if not set
  --file, -f             Load the secret from a file. The file is usually exported from the GCP console  [required]
  --tag                  Attach tags (e.g., --tag drink=water)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference

secret create-keypair

Create a new KeyPair secret Usage
cpln secret create-keypair --name SECRET_NAME --secret PATH_TO_SECRET_KEY [OPTIONS]
Command options:
  --name                 Name of the secret  [required]
  --description, --desc  Optional description, defaults to the name if not set
  --secret               Path to the secret key file  [required]
  --public               Path to the public key file
  --passphrase           Passpharse for the private key
  --tag                  Attach tags (e.g., --tag drink=water)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference

secret create-nats

Create a new nats account secret Usage
cpln secret create-nats --name SECRET_NAME --account-id ACCOUNT_ID --private-key PRIVATE_KEY [OPTIONS]
Command options:
  --name                 Name of the secret  [required]
  --description, --desc  Optional description, defaults to the name if not set
  --account-id           Account Id of the NATS account  [required]
  --private-key          Private Key to access the NATS account  [required]
  --tag                  Attach tags (e.g., --tag drink=water)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference

secret create-opaque

Create a new opaque secret Usage
cpln secret create-opaque --name SECRET_NAME --file FILE_NAME [OPTIONS]
Command options:
  --name                 Name of the secret  [required]
  --description, --desc  Optional description, defaults to the name if not set
  --file, -f             Load the secret content from a file, use - for stdin  [required]
  --encoding             Set encoding. Available options: "base64", "plain"  [default: "base64"]
  --tag                  Attach tags (e.g., --tag drink=water)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference

secret create-tls

Create a new TLS secret Usage
cpln secret create-tls --name SECRET_NAME --key PATH_TO_KEY --cert PATH_TO_CERTIFICATE [OPTIONS]
Command options:
  --name                 Name of the secret  [required]
  --description, --desc  Optional description, defaults to the name if not set
  --key                  Path to the private key file in PEM format  [required]
  --cert                 Path to the certificate file in PEM format  [required]
  --chain                Path to the certificate chain file in PEM format
  --tag                  Attach tags (e.g., --tag drink=water)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference

secret create-userpass

Create a new Username/Password secret Usage
cpln secret create-userpass --name SECRET_NAME --username USERNAME --password PASSWORD [OPTIONS]
Command options:
  --name                 Name of the secret  [required]
  --description, --desc  Optional description, defaults to the name if not set
  --username             Username  [required]
  --password             Password  [required]
  --tag                  Attach tags (e.g., --tag drink=water)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference
cpln secret create-userpass --name demo-secret --username username --password password --desc demo-secret --tag drink=water --org demo-cpln-organization
+------------+------------+---------+--------+--------------+
|NAME        |DESCRIPTION |TYPE     |CREATED |TAGS          |
|------------|------------|---------|--------|--------------|
|demo-secret |demo-secret |userpass |Now     |drink="water" |
+------------+------------+---------+--------+--------------+

secret delete

Delete one or more referenced secrets Usage
cpln secret delete <ref...> [OPTIONS]
Positionals:
  ref  One or more resource references. Usually it is the name of the resource.  [array] [required] [default: []]

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference
cpln secret delete demo-secret --org demo-cpln-organization
If the delete was successful, a new command prompt will be shown.

secret edit

Edit the referenced secret, as YAML, within an editor Usage
cpln secret edit <ref> [OPTIONS]
The default editor can be set by using the EDITOR environment variable.
Command options:
  --replace, -r  Replace instead of patch/merge  [boolean] [default: "false"]

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference
cpln secret edit demo-secret --org demo-cpln-organization
Your default editor will be launched.

Once any modifications are saved, the updates will be sent to the API.

secret eventlog

Show the event log of the referenced secret Usage
cpln secret eventlog <ref> [OPTIONS]
Positionals:
  ref  The resource reference. Usually it is the name of the resource.  [required]

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference
cpln secret eventlog demo-secret --org demo-cpln-organization
The event log for the referenced secret will be shown.

secret get

Retrieve one or more referenced secrets Usage
cpln secret get [ref...] [OPTIONS]
An empty reference will return all references
Positionals:
  ref  One or more resource references. Usually it is the name of the resource.  [array] [default: []]

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference
  • Get all secrets
cpln secret get --org demo-cpln-organization
+------------------+------------------+----------------+--------------+--------------+
|NAME              |DESCRIPTION       |TYPE            |CREATED       |TAGS          |
|------------------|------------------|----------------|--------------|--------------|
|azure-secret      |azure-secret      |azure-connector |9 minutes ago |              |
|demo-secret       |demo-secret       |userpass        |9 minutes ago |drink="water" |
|demo-secret-get-1 |demo-secret-get-1 |userpass        |Now           |              |
|demo-secret-get-2 |demo-secret-get-2 |userpass        |Now           |              |
+------------------+------------------+----------------+--------------+--------------+
  • Get one secret
cpln secret get demo-secret-get-1 --org demo-cpln-organization
+------------------+------------------+---------+--------+-----+
|NAME              |DESCRIPTION       |TYPE     |CREATED |TAGS |
|------------------|------------------|---------|--------|-----|
|demo-secret-get-1 |demo-secret-get-1 |userpass |Now     |     |
+------------------+------------------+---------+--------+-----+
  • Get multiple secrets
cpln secret get demo-secret-get-1 demo-secret-get-2 --org demo-cpln-organization
+------------------+------------------+---------+--------+-----+
|NAME              |DESCRIPTION       |TYPE     |CREATED |TAGS |
|------------------|------------------|---------|--------|-----|
|demo-secret-get-1 |demo-secret-get-1 |userpass |Now     |     |
|demo-secret-get-2 |demo-secret-get-2 |userpass |Now     |     |
+------------------+------------------+---------+--------+-----+

secret patch

Update the referenced secret’s metadata using an input file Usage
cpln secret patch <ref> --file FILE_NAME [OPTIONS]
Running this command with the option --file - sets the input to stdin. The input is required to be a valid JSON or YAML string (e.g., {"description": "My new description"} or description: My new description). To complete the update, press Control-D (or Control-Z if you are using Windows).
Positionals:
  ref  The resource reference. Usually it is the name of the resource.  [required]

Command options:
  --file, -f  File to load the patch from. Use `--file -` to enable input from stdin.  [required]

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference
cpln secret patch demo-secret --file update.json --org demo-cpln-organization
The changes within the JSON file will be performed against the referenced secret.

secret permissions

Show the grantable permissions for a secret object type Usage
cpln secret permissions [OPTIONS]
Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference
cpln secret permissions --org demo-cpln-organization
+-------+-----------------------------------------+------------------------------------------------+
|NAME   |DESCRIPTION                              |IMPLIES                                         |
|-------|-----------------------------------------|------------------------------------------------|
|create |Create new secrets                       |                                                |
|delete |Delete secrets                           |                                                |
|edit   |Modify existing secrets                  |view, reveal                                    |
|manage |Full access                              |create, delete, edit, manage, reveal, use, view |
|reveal |Reveal the plaintext of the secret       |view                                            |
|use    |Refer to this secret from other entit... |view                                            |
|view   |Read-only access excluding plaintext     |                                                |
+-------+-----------------------------------------+------------------------------------------------+

secret query

Find all the secrets based on the given query Usage
cpln secret query QUERY_OPTIONS [OPTIONS]
Query options:
  --match             Query filter type  [choices: "all", "none", "any"] [default: "all"]
  --property, --prop  Property to query
  --tag               Tag to query
  --rel               Relation to query

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference
Use the --match option to display all, none, or any of the results based on a given property or tag
  • Search for a secret based on the name property
cpln secret query --match any --prop name=demo-secret --org demo-cpln-organization
+------------+------------+---------+--------------+--------------+
|NAME        |DESCRIPTION |TYPE     |CREATED       |TAGS          |
|------------|------------|---------|--------------|--------------|
|demo-secret |demo-secret |userpass |9 minutes ago |drink="water" |
+------------+------------+---------+--------------+--------------+
  • Search for a secret based on the description property
cpln secret query --match any --prop description="demo-secret" --org demo-cpln-organization
+------------+------------+---------+--------------+--------------+
|NAME        |DESCRIPTION |TYPE     |CREATED       |TAGS          |
|------------|------------|---------|--------------|--------------|
|demo-secret |demo-secret |userpass |9 minutes ago |drink="water" |
+------------+------------+---------+--------------+--------------+
  • Search for a secret based on a tag
cpln secret query --match any --tag drink=water --org demo-cpln-organization
+------------+------------+---------+--------------+--------------+
|NAME        |DESCRIPTION |TYPE     |CREATED       |TAGS          |
|------------|------------|---------|--------------|--------------|
|demo-secret |demo-secret |userpass |9 minutes ago |drink="water" |
+------------+------------+---------+--------------+--------------+
  • Search for a secret based on a property and tag
cpln secret query --match any --prop description="demo-secret" --tag drink=water --org demo-cpln-organization
+------------+------------+---------+--------------+--------------+
|NAME        |DESCRIPTION |TYPE     |CREATED       |TAGS          |
|------------|------------|---------|--------------|--------------|
|demo-secret |demo-secret |userpass |9 minutes ago |drink="water" |
+------------+------------+---------+--------------+--------------+

secret reveal

Show the secret in plaintext Usage
cpln secret reveal [ref] [OPTIONS]
Positionals:
  ref  The resource reference. Usually it is the name of the resource.

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names", "smart"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference
  • Reveal the secret of a UserPass secret
cpln secret reveal demo-secret --org demo-cpln-organization
+------------+------------+---------+--------------+--------------+
|NAME        |DESCRIPTION |TYPE     |CREATED       |TAGS          |
|------------|------------|---------|--------------|--------------|
|demo-secret |demo-secret |userpass |9 minutes ago |drink="water" |
+------------+------------+---------+--------------+--------------+

secret tag

Manage the tags belonging to one or more referenced secrets Usage
cpln secret tag <ref...> --tag KEY=VALUE [OPTIONS]
Built-in tags, which begin with cpln/*, can’t be modified.
Positionals:
  ref  One or more resource references. Usually it is the name of the resource.  [array] [required] [default: []]

Command options:
  --tag         Attach tags (e.g., --tag drink=water)
  --remove-tag  Remove tags (e.g., --remove-tag tagname)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference
  • Add a tag to a secret
cpln secret tag demo-secret-tag-1 --tag drink=water --org demo-cpln-organization
+------------------+------------------+---------+--------+--------------+
|NAME              |DESCRIPTION       |TYPE     |CREATED |TAGS          |
|------------------|------------------|---------|--------|--------------|
|demo-secret-tag-1 |demo-secret-tag-1 |userpass |Now     |drink="water" |
+------------------+------------------+---------+--------+--------------+
  • Update same tag (after running the example above)
cpln secret tag demo-secret-tag-1 --tag drink=coffee --org demo-cpln-organization
+------------------+------------------+---------+--------+---------------+
|NAME              |DESCRIPTION       |TYPE     |CREATED |TAGS           |
|------------------|------------------|---------|--------|---------------|
|demo-secret-tag-1 |demo-secret-tag-1 |userpass |Now     |drink="coffee" |
+------------------+------------------+---------+--------+---------------+
  • Remove tag (after running the example above)
cpln secret tag demo-secret-tag-1 --remove drink --org demo-cpln-organization
+------------------+------------------+---------+--------+-----+
|NAME              |DESCRIPTION       |TYPE     |CREATED |TAGS |
|------------------|------------------|---------|--------|-----|
|demo-secret-tag-1 |demo-secret-tag-1 |userpass |Now     |     |
+------------------+------------------+---------+--------+-----+
  • Add same tag to multiple secrets
cpln secret tag demo-secret-tag-1 demo-secret-tag-2 --tag multiple-secrets=true --org demo-cpln-organization
+------------------+------------------+---------+--------+------------------------+
|NAME              |DESCRIPTION       |TYPE     |CREATED |TAGS                    |
|------------------|------------------|---------|--------|------------------------|
|demo-secret-tag-1 |demo-secret-tag-1 |userpass |Now     |multiple-secrets="true" |
|demo-secret-tag-2 |demo-secret-tag-2 |userpass |Now     |multiple-secrets="true" |
+------------------+------------------+---------+--------+------------------------+
  • Update same tag on multiple secrets (after running the example above)
cpln secret tag demo-secret-tag-1 demo-secret-tag-2 --tag multiple-secrets=demo-secret --org demo-cpln-organization
+------------------+------------------+---------+--------+-------------------------------+
|NAME              |DESCRIPTION       |TYPE     |CREATED |TAGS                           |
|------------------|------------------|---------|--------|-------------------------------|
|demo-secret-tag-1 |demo-secret-tag-1 |userpass |Now     |multiple-secrets="demo-secret" |
|demo-secret-tag-2 |demo-secret-tag-2 |userpass |Now     |multiple-secrets="demo-secret" |
+------------------+------------------+---------+--------+-------------------------------+
  • Remove same tag from multiple secrets (after running the example above)
cpln secret tag demo-secret-tag-1 demo-secret-tag-2 --remove multiple-secrets --org demo-cpln-organization
+------------------+------------------+---------+--------+-----+
|NAME              |DESCRIPTION       |TYPE     |CREATED |TAGS |
|------------------|------------------|---------|--------|-----|
|demo-secret-tag-1 |demo-secret-tag-1 |userpass |Now     |     |
|demo-secret-tag-2 |demo-secret-tag-2 |userpass |Now     |     |
+------------------+------------------+---------+--------+-----+

secret update

Update properties of the referenced secret Usage
cpln secret update <ref> --set UPDATE_PROPERTY [OPTIONS]
Positionals:
  ref  The resource reference. Usually it is the name of the resource.  [required]

Update Properties:
  --set    Update the following properties (e.g., --set description="Updated Description"):

           description    string
           tags.<key>     string
  --unset  Unset a property (same paths as --set, e.g., --unset description)

Context options:
  --profile  Override the profile. The default profile can be set using the `cpln profile set-default` command or by setting the CPLN_PROFILE environment variable
  --org      Override the organization. The default organization can be set in your profile by using the `cpln profile update` command

Format options:
  --output, -o  Set the output format  [choices: "text", "json", "yaml", "json-slim", "yaml-slim", "tf", "crd", "names"]
  --color       Colorize the output  [boolean] [default: true]
  --ts          Timestamp format if the output format is text (e.g., --output=text)  [choices: "iso", "local", "age"]
  --max         Maximum number of records to show. A value less than 1 will return all records.  [number] [default: 50]

Request options:
  --token         Override the authorization token
  --endpoint      Override the API URL
  --insecure, -k  Ignore TLS errors  [boolean]

Debug options:
  --verbose, -v  Enable verbose output to stderr  [boolean] [default: false]
  --debug, -d    Show all HTTP communications  [boolean] [default: false]

Options:
  --help  Show help  [boolean]
Common Options Reference
  • The --set option allows the modification of the following secret properties:
    • description
      • Description of the secret
      • Type: string
    • tags
      • Tags (key=value) associated with the secret
      • Type: string
    • targetLinks
      • Array of target links belonging to the secret
      • Type: string
    • target
      • The target of the secret
      • Type: string
      • Allowed values: ‘all’
  • For the examples below, the initial secret is configured as:
+-------------------+-------------------+---------+--------+-----+
|NAME               |DESCRIPTION        |TYPE     |CREATED |TAGS |
|-------------------|-------------------|---------|--------|-----|
|demo-secret-update |demo-secret-update |userpass |Now     |     |
+-------------------+-------------------+---------+--------+-----+
  • Update a secret’s description
cpln secret update demo-secret-update --set description="new description" --org demo-cpln-organization
+-------------------+----------------+---------+--------+-----+
|NAME               |DESCRIPTION     |TYPE     |CREATED |TAGS |
|-------------------|----------------|---------|--------|-----|
|demo-secret-update |new description |userpass |Now     |     |
+-------------------+----------------+---------+--------+-----+
  • Update a secret’s tag
cpln secret update demo-secret-update --set tags.demo-key=demo-value --org demo-cpln-organization
+-------------------+----------------+---------+--------+----------------------+
|NAME               |DESCRIPTION     |TYPE     |CREATED |TAGS                  |
|-------------------|----------------|---------|--------|----------------------|
|demo-secret-update |new description |userpass |Now     |demo-key="demo-value" |
+-------------------+----------------+---------+--------+----------------------+