iagctl describe secret

Display the value of a secret.

The iagctl describe secret command decrypts and displays a secret value in your default terminal editor. The gateway opens the decrypted value in the editor set by the EDITOR environment variable, or vim if EDITOR isn’t set. The gateway removes the temporary file after you exit the editor to prevent the value from being written to logs.

This command reveals the actual secret value. Use caution when running it in shared environments.

Before you run this command, the gateway needs to know where the encryption key file is located. You can provide the location with the --encryption-file flag or by setting the GATEWAY_SECRETS_ENCRYPT_KEY_FILE configuration variable.

For more information on creating and managing secrets, see Create IAG secret store.

Syntax

$ iagctl describe secret <secret-name> [flags]

Examples

Display a secret with the encryption file flag

$ iagctl describe secret my-secret \
> --encryption-file /Users/gatewayuser/.gateway.d/gateway_secret.key

Display a secret with the encryption file configuration variable

The following example assumes you’ve already set the GATEWAY_SECRETS_ENCRYPT_KEY_FILE configuration variable:

$ iagctl describe secret my-secret

Options

$   --encryption-file string   The file to use for decrypting the secret.
$   -h, --help                 Help for secret

Options inherited from parent commands

$   --config string   Path to the configuration file
$   --raw             Display the result of the command in raw format
$   --verbose         Enable verbose output