For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Open sourceSupportFAQsDocs Home
DocumentationCommand referenceRelease notes
DocumentationCommand referenceRelease notes
  • Command reference
    • iagctl cert-gen
    • iagctl completion
      • describe decorator
      • describe executable-object
      • describe registry
      • describe repository
      • describe secret
      • describe service
      • describe user
    • iagctl login
    • iagctl runner
    • iagctl server
    • iagctl version
LogoLogo
Open sourceSupportFAQsDocs Home
On this page
  • Syntax
  • Examples
  • Display a secret with the encryption file flag
  • Display a secret with the encryption file configuration variable
  • Options
  • Options inherited from parent commands
Command referenceiagctl describe

iagctl describe secret

Was this page helpful?
Previous

iagctl describe service

Next
Built with

Display the value of a secret.

The iagctl describe secret command decrypts and displays a secret value in your default terminal editor. The gateway opens the decrypted value in the editor set by the EDITOR environment variable, or vim if EDITOR isn’t set. The gateway removes the temporary file after you exit the editor to prevent the value from being written to logs.

This command reveals the actual secret value. Use caution when running it in shared environments.

Before you run this command, the gateway needs to know where the encryption key file is located. You can provide the location with the --encryption-file flag or by setting the GATEWAY_SECRETS_ENCRYPT_KEY_FILE configuration variable.

For more information on creating and managing secrets, see Create IAG secret store.

Syntax

$iagctl describe secret <secret-name> [flags]

Examples

Display a secret with the encryption file flag

$iagctl describe secret my-secret \
>--encryption-file /Users/gatewayuser/.gateway.d/gateway_secret.key

Display a secret with the encryption file configuration variable

The following example assumes you’ve already set the GATEWAY_SECRETS_ENCRYPT_KEY_FILE configuration variable:

$iagctl describe secret my-secret

Options

$  --encryption-file string   The file to use for decrypting the secret.
$  -h, --help                 Help for secret

Options inherited from parent commands

$  --profile string   Specify the client profile to use (case-insensitive, defaults to [client] section)
$  --config string   Path to the configuration file
$  --raw             Display the result of the command in raw format
$  --verbose         Enable verbose output