...
```
$ acli system setSecureProperty --name my.secret --secret -
Enter secure value: <secret value prompt>
Secure properties file does not yet exist. Creating...
Enter new secure properties password: <new password prompt>
Confirm secure properties password: <new password prompt>
Remember your password, it cannot be recovered!
Secure properties file created.
Value for key 'foo' set in secure properties file.
```
The value for the `--secret` parameter in this example is provided as `-`, which indicates that the value should be obtained via an interactive prompt (or read from `stdin` if not connected to a tty). We strongly recommend providing sensitive values this way so that they are not accidentally recorded in your shell history, where they would end up existing in plain text anyway!
Breaking this down, you can see that first ACLI will prompt for the value of the secret to be stored, and then it will prompt for the new key store file password (with confirmation).
Note: The key store requires a non-blank password. Once created, do not forget the password! Key store passwords cannot be recovered by ACLI support. If your password is ever compromised, you should consider the contents of the key store to also be compromised and rotate any secrets it contains accordingly.
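To check whether a secret was ever typed on the command line instead of through the `-` prompt, the following added example (not part of the ACLI documentation) scans shell history files for `setSecureProperty` calls that carry a literal `--secret` value and reports file, line and property name without printing the value. The `--secret=VALUE` spelling, the function names and the sample history are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the ACLI documentation.
# Assumption: a secret may also have been typed as --secret=VALUE.

# find_inline_secrets FILE...
# Prints "file:line:property-name" for every history line where
# setSecureProperty received a literal --secret value instead of "-".
# The secret itself is never printed.
find_inline_secrets() {
    awk -v sq="'" '
    # True when the token is the prompt/stdin marker, bare or quoted.
    function is_dash(v) { return v == "-" || v == "\"-\"" || v == sq "-" sq }

    /setSecureProperty/ {
        name = "?"; leaked = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "--name" && i < NF) {
                name = $(i + 1)
            } else if ($i == "--secret" && i < NF) {
                if (!is_dash($(i + 1))) leaked = 1
            } else if (index($i, "--secret=") == 1) {
                if (!is_dash(substr($i, 10))) leaked = 1
            }
        }
        if (leaked) print FILENAME ":" FNR ":" name
    }' "$@"
}

# Constructed sample history (not real data). Lines 2 and 4 pass a
# literal value; line 3 uses the zsh extended-history prefix.
sample_history() {
    cat <<'EOF'
acli system setSecureProperty --name my.secret --secret -
acli system setSecureProperty --name db.password --secret hunter2
: 1700000000:0;acli system setSecureProperty --name api.token --secret "-"
acli system setSecureProperty --secret=abc123 --name jira.token
ls -la
EOF
}

# Stand-alone demonstration on the constructed sample.
tmp=$(mktemp)
sample_history > "$tmp"
find_inline_secrets "$tmp"
rm -f "$tmp"
```

Run it against your own history files, for example `find_inline_secrets ~/.bash_history`. Any property it reports has existed in plain text and should be rotated.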
...
Once created, the key store file (named `.acli.keystore`) can be found in your home directory. Each ACLI user on a given system has their own such file (because of other ACLI limitations, it is still necessary on a multi-user system for each user to maintain their own ACLI installation). The key store file path can be overridden to point to an alternative location through the use of the environment variable `ACLI_SECURE_PROPERTIES`. This can be useful if you need to work with multiple key stores or multiple installations of ACLI, but typically should not be needed.
...