Manage Secrets and Scopes

Before starting this section, ensure you have initialized, unsealed, and logged into DevOps Secrets Safe as root.

The next example assumes there are two files, myTestSecretData1.txt and myTestSecretData2.txt, containing data you want to store as secrets.

  1. Create two secrets:
    ssrun secret create -f myTestSecretData1.txt path/to/my/secrets:mytestsecret1
    ssrun secret create -f myTestSecretData2.txt path/to/my/secrets:mytestsecret2

Whenever you reference a secret, the URI must be in the format {scopePath}:{secretName}. For example, path/of/scope:secretName.

  1. Retrieve the list of secret names for a given scope:
    ssrun scope get path/to/my/secrets

The next example assumes there is a file called updatedMyTestSecretData1.txt containing the data you want to use to update this secret.

  1. Update a secret:
    ssrun secret update -f updatedMyTestSecretData1.txt path/to/my/secrets:mytestsecret1
  2. Retrieve a secret:
    ssrun secret get path/to/my/secrets:mytestsecret1
  3. Retrieve all secrets under a scope and save them in the directory my_secret_dir:
    ssrun secret get path/to/my/secrets -d my_secret_dir
  4. Remove a secret:
    ssrun secret delete path/to/my/secrets:mytestsecret1

This not only removes the secret but also all metadata that is associated with it.

  1. Remove a scope:
    ssrun scope delete path/to/my/secrets

This not only removes the scope but also all scopes, secrets and metadata that are children of it.

Secret and Scope Maximums

DevOps Secrets Safe (DSS) enforces a maximum size for secret and scope names:

  • The maximum number of characters in any path segment is 1024. A segment is a string between two forward-slash (/) characters.
  • The maximum number of segments in any scope path is 100.
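
The shell function below is an added example, not part of the product or its documentation. It checks a secret URI against the {scopePath}:{secretName} format and the two maximums above before the URI is passed to ssrun. The names validate_secret_uri, MAX_SEGMENT_CHARS and MAX_SCOPE_SEGMENTS are hypothetical. The example assumes that exactly one colon separates scope path from secret name, that the secret name is itself a single segment, and that empty segments are invalid.

```shell
#!/usr/bin/env bash
MAX_SEGMENT_CHARS=1024    # page: maximum characters in any path segment
MAX_SCOPE_SEGMENTS=100    # page: maximum segments in any scope path

# validate_secret_uri URI
# Returns 0 if URI is a well-formed {scopePath}:{secretName} within the limits
# above; otherwise prints the reason to stderr and returns 1.
# Intended use: validate_secret_uri "$uri" && ssrun secret get "$uri"
validate_secret_uri() {
    local uri="$1" scope name rest seg count=0
    case "$uri" in
        *:*:*) echo "more than one ':' in URI" >&2; return 1 ;;  # assumption
        *:*)   ;;
        *)     echo "missing ':' before the secret name" >&2; return 1 ;;
    esac
    scope="${uri%%:*}"
    name="${uri#*:}"
    if [ -z "$scope" ] || [ -z "$name" ]; then
        echo "empty scope path or secret name" >&2; return 1
    fi
    # Assumption: the secret name is a single segment (no '/', same length cap).
    case "$name" in
        */*) echo "secret name contains '/'" >&2; return 1 ;;
    esac
    if [ "${#name}" -gt "$MAX_SEGMENT_CHARS" ]; then
        echo "secret name exceeds $MAX_SEGMENT_CHARS characters" >&2; return 1
    fi
    # Assumption: empty segments (leading, trailing or doubled '/') are invalid.
    case "$scope" in
        /*|*/|*//*) echo "empty segment in scope path" >&2; return 1 ;;
    esac
    # Walk the scope path one '/'-separated segment at a time.
    rest="$scope"
    while :; do
        seg="${rest%%/*}"
        count=$((count + 1))
        if [ "${#seg}" -gt "$MAX_SEGMENT_CHARS" ]; then
            echo "segment $count exceeds $MAX_SEGMENT_CHARS characters" >&2; return 1
        fi
        if [ "$count" -gt "$MAX_SCOPE_SEGMENTS" ]; then
            echo "scope path exceeds $MAX_SCOPE_SEGMENTS segments" >&2; return 1
        fi
        [ "$rest" = "$seg" ] && break    # last segment reached
        rest="${rest#*/}"
    done
    return 0
}
```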