`orca secret`¶

Manage Barbican secrets and containers.

The reference below is generated from the live CLI by mkdocs-click. It always reflects the version installed.

orca secret¶

Manage secrets & containers (Barbican key-manager).

Usage:

orca secret [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

acl: Manage per-secret ACLs (read access).
acl-delete: [deprecated, use 'secret acl delete' instead]
acl-get: [deprecated, use 'secret acl get' instead]
acl-set: [deprecated, use 'secret acl set' instead]
consumer: Manage consumers registered on Barbican containers.
container: Manage Barbican secret containers.
container-create: Create a secret container.
container-delete: Delete a secret container.
container-list: List secret containers.
container-show: Show secret container details.
create: Create a secret.
delete: Delete a secret.
get-payload: Retrieve secret payload.
list: List secrets.
order: Manage Barbican key/certificate orders.
order-create: Create a secret order (async key/certificate generation).
order-delete: Delete a secret order.
order-list: List secret orders.
order-show: Show an order's details.
show: Show secret metadata.
show: Show secret metadata.
store: Upload payload data to an existing metadata-only secret.
store: Upload payload data to an existing metadata-only secret.

orca secret acl¶

Manage per-secret ACLs (read access).

Usage:

orca secret acl [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

delete: Delete the ACL on a secret (revert to project-wide access).
get: Get the ACL for a secret.
set: Set the ACL on a secret.
set: Set the ACL on a secret.
user: Per-user ACL operations on a secret.

orca secret acl delete¶

Delete the ACL on a secret (revert to project-wide access).

Usage:

orca secret acl delete [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--yes`, `-y`	boolean	Skip confirmation.	`False`
`--help`	boolean	Show this message and exit.	`False`

orca secret acl get¶

Get the ACL for a secret.

Usage:

orca secret acl get [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret acl set¶

Set the ACL on a secret.

Usage:

orca secret acl set [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--user`	text	User ID to grant read access to (repeatable).	`Sentinel.UNSET`
`--project-access` / `--no-project-access`	boolean	Allow all project users read access.	`True`
`--help`	boolean	Show this message and exit.	`False`

orca secret acl set¶

Set the ACL on a secret.

Usage:

orca secret acl set [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--user`	text	User ID to grant read access to (repeatable).	`Sentinel.UNSET`
`--project-access` / `--no-project-access`	boolean	Allow all project users read access.	`True`
`--help`	boolean	Show this message and exit.	`False`

orca secret acl user¶

Per-user ACL operations on a secret.

Usage:

orca secret acl user [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

add: Add users to a secret's read ACL.
remove: Remove users from a secret's read ACL.

orca secret acl user add¶

Add users to a secret's read ACL.

Usage:

orca secret acl user add [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--user`	text	User ID to grant read access (repeatable).	`Sentinel.UNSET`
`--help`	boolean	Show this message and exit.	`False`

orca secret acl user remove¶

Remove users from a secret's read ACL.

Usage:

orca secret acl user remove [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--user`	text	User ID to revoke read access from (repeatable).	`Sentinel.UNSET`
`--help`	boolean	Show this message and exit.	`False`

orca secret acl-delete¶

Delete the ACL on a secret (revert to project-wide access).

Usage:

orca secret acl-delete [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--yes`, `-y`	boolean	Skip confirmation.	`False`
`--help`	boolean	Show this message and exit.	`False`

orca secret acl-get¶

Get the ACL for a secret.

Usage:

orca secret acl-get [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret acl-set¶

Set the ACL on a secret.

Usage:

orca secret acl-set [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--user`	text	User ID to grant read access to (repeatable).	`Sentinel.UNSET`
`--project-access` / `--no-project-access`	boolean	Allow all project users read access.	`True`
`--help`	boolean	Show this message and exit.	`False`

orca secret consumer¶

Manage consumers registered on Barbican containers.

Usage:

orca secret consumer [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

create: Register a consumer on a container.
delete: Remove a consumer from a container.
list: List consumers registered on a container.

orca secret consumer create¶

Register a consumer on a container.

Usage:

orca secret consumer create [OPTIONS] CONTAINER_ID

Options:

Name	Type	Description	Default
`--name`	text	Consumer name (free-form).	`Sentinel.UNSET`
`--url`	text	Consumer URL (e.g. the resource that uses the secret).	`Sentinel.UNSET`
`--help`	boolean	Show this message and exit.	`False`

orca secret consumer delete¶

Remove a consumer from a container.

Usage:

orca secret consumer delete [OPTIONS] CONTAINER_ID

Options:

Name	Type	Description	Default
`--name`	text	Consumer name to remove.	`Sentinel.UNSET`
`--url`	text	Consumer URL to remove.	`Sentinel.UNSET`
`--yes`, `-y`	boolean	Skip confirmation.	`False`
`--help`	boolean	Show this message and exit.	`False`

orca secret consumer list¶

List consumers registered on a container.

Usage:

orca secret consumer list [OPTIONS] CONTAINER_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret container¶

Manage Barbican secret containers.

Usage:

orca secret container [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

container-create: Create a secret container.
container-delete: Delete a secret container.
container-list: List secret containers.
container-show: Show secret container details.
container-show: Show secret container details.

orca secret container container-create¶

Create a secret container.

Example: orca secret container-create --name my-cert --type certificate \ --secret certificate= \ --secret private_key=

Usage:

orca secret container container-create [OPTIONS]

Options:

Name	Type	Description	Default
`--name`	text	Container name.	None
`--type`	choice (`generic` \| `rsa` \| `certificate`)	Container type.	`generic`
`--secret`	text	Secret reference (repeatable): name=.	`Sentinel.UNSET`
`--help`	boolean	Show this message and exit.	`False`

orca secret container container-delete¶

Delete a secret container.

Usage:

orca secret container container-delete [OPTIONS] CONTAINER_ID

Options:

Name	Type	Description	Default
`--yes`, `-y`	boolean	Skip confirmation.	`False`
`--help`	boolean	Show this message and exit.	`False`

orca secret container container-list¶

List secret containers.

Usage:

orca secret container container-list [OPTIONS]

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret container container-show¶

Show secret container details.

Usage:

orca secret container container-show [OPTIONS] CONTAINER_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret container container-show¶

Show secret container details.

Usage:

orca secret container container-show [OPTIONS] CONTAINER_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret container-create¶

Create a secret container.

Example: orca secret container-create --name my-cert --type certificate \ --secret certificate= \ --secret private_key=

Usage:

orca secret container-create [OPTIONS]

Options:

Name	Type	Description	Default
`--name`	text	Container name.	None
`--type`	choice (`generic` \| `rsa` \| `certificate`)	Container type.	`generic`
`--secret`	text	Secret reference (repeatable): name=.	`Sentinel.UNSET`
`--help`	boolean	Show this message and exit.	`False`

orca secret container-delete¶

Delete a secret container.

Usage:

orca secret container-delete [OPTIONS] CONTAINER_ID

Options:

Name	Type	Description	Default
`--yes`, `-y`	boolean	Skip confirmation.	`False`
`--help`	boolean	Show this message and exit.	`False`

orca secret container-list¶

List secret containers.

Usage:

orca secret container-list [OPTIONS]

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret container-show¶

Show secret container details.

Usage:

orca secret container-show [OPTIONS] CONTAINER_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret create¶

Create a secret.

Examples: orca secret create my-password --payload "s3cret" --secret-type passphrase orca secret create my-key --algorithm AES --bit-length 256 --secret-type symmetric

Usage:

orca secret create [OPTIONS] NAME

Options:

Name	Type	Description	Default
`--payload`	text	Secret payload (inline).	None
`--payload-content-type`	text	MIME type of payload.	`text/plain`
`--secret-type`	choice (`symmetric` \| `public` \| `private` \| `passphrase` \| `certificate` \| `opaque`)	N/A	`opaque`
`--algorithm`	text	Algorithm (e.g. AES, RSA).	None
`--bit-length`	integer	Bit length.	None
`--expiration`	text	Expiration datetime (ISO 8601).	None
`--help`	boolean	Show this message and exit.	`False`

orca secret delete¶

Delete a secret.

Usage:

orca secret delete [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--yes`, `-y`	boolean	Skip confirmation.	`False`
`--help`	boolean	Show this message and exit.	`False`

orca secret get-payload¶

Retrieve secret payload.

Usage:

orca secret get-payload [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

orca secret list¶

List secrets.

Usage:

orca secret list [OPTIONS]

Options:

Name	Type	Description	Default
`--limit`	integer	Max results.	None
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret order¶

Manage Barbican key/certificate orders.

Usage:

orca secret order [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

order-create: Create a secret order (async key/certificate generation).
order-delete: Delete a secret order.
order-list: List secret orders.
order-show: Show an order's details.
order-show: Show an order's details.

orca secret order order-create¶

Create a secret order (async key/certificate generation).

Examples: orca secret order-create --type key --algorithm aes --bit-length 256 orca secret order-create --type asymmetric --algorithm rsa --bit-length 2048

Usage:

orca secret order order-create [OPTIONS]

Options:

Name	Type	Description	Default
`--type`	choice (`key` \| `asymmetric` \| `certificate`)	Order type.	`Sentinel.UNSET`
`--name`	text	Secret name for the resulting secret.	None
`--algorithm`	text	Key algorithm (e.g. aes, rsa).	None
`--bit-length`	integer	Key bit length.	None
`--mode`	text	Encryption mode (e.g. cbc).	None
`--help`	boolean	Show this message and exit.	`False`

orca secret order order-delete¶

Delete a secret order.

Usage:

orca secret order order-delete [OPTIONS] ORDER_ID

Options:

Name	Type	Description	Default
`--yes`, `-y`	boolean	Skip confirmation.	`False`
`--help`	boolean	Show this message and exit.	`False`

orca secret order order-list¶

List secret orders.

Usage:

orca secret order order-list [OPTIONS]

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret order order-show¶

Show an order's details.

Usage:

orca secret order order-show [OPTIONS] ORDER_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret order order-show¶

Show an order's details.

Usage:

orca secret order order-show [OPTIONS] ORDER_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret order-create¶

Create a secret order (async key/certificate generation).

Examples: orca secret order-create --type key --algorithm aes --bit-length 256 orca secret order-create --type asymmetric --algorithm rsa --bit-length 2048

Usage:

orca secret order-create [OPTIONS]

Options:

Name	Type	Description	Default
`--type`	choice (`key` \| `asymmetric` \| `certificate`)	Order type.	`Sentinel.UNSET`
`--name`	text	Secret name for the resulting secret.	None
`--algorithm`	text	Key algorithm (e.g. aes, rsa).	None
`--bit-length`	integer	Key bit length.	None
`--mode`	text	Encryption mode (e.g. cbc).	None
`--help`	boolean	Show this message and exit.	`False`

orca secret order-delete¶

Delete a secret order.

Usage:

orca secret order-delete [OPTIONS] ORDER_ID

Options:

Name	Type	Description	Default
`--yes`, `-y`	boolean	Skip confirmation.	`False`
`--help`	boolean	Show this message and exit.	`False`

orca secret order-list¶

List secret orders.

Usage:

orca secret order-list [OPTIONS]

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret order-show¶

Show an order's details.

Usage:

orca secret order-show [OPTIONS] ORDER_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret show¶

Show secret metadata.

Usage:

orca secret show [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret show¶

Show secret metadata.

Usage:

orca secret show [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca secret store¶

Upload payload data to an existing metadata-only secret.

Usage:

orca secret store [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--payload`	text	Inline payload (use --payload-file for binary).	`Sentinel.UNSET`
`--payload-file`	file	File containing the payload (binary safe).	`Sentinel.UNSET`
`--content-type`	text	Payload MIME type.	`application/octet-stream`
`--content-encoding`	text	Payload encoding (e.g. base64 for binary inside text).	`Sentinel.UNSET`
`--help`	boolean	Show this message and exit.	`False`

orca secret store¶

Upload payload data to an existing metadata-only secret.

Usage:

orca secret store [OPTIONS] SECRET_ID

Options:

Name	Type	Description	Default
`--payload`	text	Inline payload (use --payload-file for binary).	`Sentinel.UNSET`
`--payload-file`	file	File containing the payload (binary safe).	`Sentinel.UNSET`
`--content-type`	text	Payload MIME type.	`application/octet-stream`
`--content-encoding`	text	Payload encoding (e.g. base64 for binary inside text).	`Sentinel.UNSET`
`--help`	boolean	Show this message and exit.	`False`