Manage DevOps Secrets Safe CLI Contexts

Contexts are CLI-specific configurations that allow you to access multiple instances of DevOps Secrets Safe from a single client machine. CLI contexts exist only on the client side and only tell the CLI where to access the DevOps Secrets Safe instance. They do not interact with the instance in any way on their own.

Assume you want to interact with two instances of DevOps Secrets Safe, one in staging and one in production, and you want to take the value of a secret from your staging DevOps Secrets Safe and save it to your production instance. In this example, your staging instance has an IP address of and your production instance has an IP address of
  1. Create a context pointed at staging:
    ssrun context create -n staging -a -p 443 -s false -v v1
  2. Create a context pointed at production:
    ssrun context create -n production -a -p 443 -s true -v v1
  3. Set the staging context to active:
    ssrun context set-current -n staging
  4. List all contexts:
    ssrun context get
    *        staging 443   v1           false
             production 443   v1           true
The asterisk () in the CURRENT* column shows it is the active context.
  1. Log on to the staging instance:
    ssrun login -u my_staging_user -p my_staging_user_password
  2. Save secret from staging DevOps Secrets Safe instance to your file system:
    ssrun secret get path/to/staging:secret -f mysecret
  3. Switch contexts so your CLI is pointed at the production DevOps Secrets Safe instance:
    ssrun context set-current -n production
  4. Log in as a user from the production DevOps Secrets Safe instance:
    ssrun login -u my_production_user -p my_production_user_password
  5. Create a new secret on the production instance, storing the value retrieved from the staging instance:
    ssrun secret create path/to/production:secret -f mysecret

To learn more about DevOps Secrets Safe CLI contexts you can use the -h flag ($ ssrun context -h).

Environment Variable Overrides

Specific environment variables can override the current configured context.


If any of the environment variables below are defined, they override what is in the current context.

export SECRETSSAFE_HOST=(IP address or hostname of DevOps Secrets Safe instance)
export SECRETSSAFE_PORT=(port of DevOps Secrets Safe instance)
export SECRETSSAFE_VERIFY_CA=(bool indicating if ca should be verified)