Skip to content

orca acl

Manage Barbican secret ACLs (OSC-parity top-level).

The reference below is generated from the live CLI by mkdocs-click. It always reflects the version installed.

orca acl

Barbican secret ACLs — OSC parity top-level.

Usage:

orca acl [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help boolean Show this message and exit. False

Subcommands

  • delete: Delete the ACL on a secret (revert to project-wide access).
  • get: Get the ACL for a secret.
  • set: Set the ACL on a secret.
  • user: Per-user ACL operations on a secret.

orca acl delete

Delete the ACL on a secret (revert to project-wide access).

Usage:

orca acl delete [OPTIONS] SECRET_ID

Options:

Name Type Description Default
--yes, -y boolean Skip confirmation. False
--help boolean Show this message and exit. False

orca acl get

Get the ACL for a secret.

Usage:

orca acl get [OPTIONS] SECRET_ID

Options:

Name Type Description Default
--noindent boolean Disable JSON indentation. False
--max-width integer Maximum table width (0 = unlimited). None
--fit-width boolean Fit table to terminal width. False
--column, -c text Column to include (repeatable). Shows all if omitted. Sentinel.UNSET
--format, -f choice (table | json | value) Output format. table
--help boolean Show this message and exit. False

orca acl set

Set the ACL on a secret.

Usage:

orca acl set [OPTIONS] SECRET_ID

Options:

Name Type Description Default
--user text User ID to grant read access to (repeatable). Sentinel.UNSET
--project-access / --no-project-access boolean Allow all project users read access. True
--help boolean Show this message and exit. False

orca acl user

Per-user ACL operations on a secret.

Usage:

orca acl user [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help boolean Show this message and exit. False

Subcommands

  • add: Add users to a secret's read ACL.
  • remove: Remove users from a secret's read ACL.
orca acl user add

Add users to a secret's read ACL.

Usage:

orca acl user add [OPTIONS] SECRET_ID

Options:

Name Type Description Default
--user text User ID to grant read access (repeatable). Sentinel.UNSET
--help boolean Show this message and exit. False
orca acl user remove

Remove users from a secret's read ACL.

Usage:

orca acl user remove [OPTIONS] SECRET_ID

Options:

Name Type Description Default
--user text User ID to revoke read access from (repeatable). Sentinel.UNSET
--help boolean Show this message and exit. False