...
| Note |
|---|
Setting your key store password as an environment variable may or may not be appropriate, depending on your risk tolerance. Doing so is a convenience, but one that comes at a cost of reduced security. You still have the advantage that if your key store file escapes your system it is strongly encrypted, but the storage of your key store password as an environment variable may make it easier to compromise your key store in a sophisticated attack. Whether you decide this is an acceptable risk is entirely at your discretion, and depends on the threat modeling under consideration by you and your organization. Use this method at your own risk. |
Actions
Use ACLI actions, part of the ACLI system client, to create, update, read, and delete key-value pairs stored in the Secure Properties key store.
To use a secure property in acli.properties, follow the example:
| Code Block |
|---|
| breakoutMode | wide |
|---|
| language | none |
|---|
|
my-jira = jiracloud -s https://myjira.atlassian.net -u me@example.com -t ${secret:my-jira.token} |
The table shows how you can work with the secure properties and provides examples.
removeSecureProperty
This action removes a secure property from the key store.
To ensure that a value is not accidentally removed, you are prompted for confirmation. If you add the --force parameter, the secure property is removed without confirmation. If after this operation the key store is empty, it is automatically removed. | exportSecureProperties
This action allows you to export secure properties from your default key store to another key store file |
|---|
setSecureProperty
This action sets or overwrites a secure property in the key store.
If a property name already exists, you are prompted to confirm that you wish to overwrite the value.
Use --replace to skip the confirmation prompt. Example: Set Secure Property | Code Block |
|---|
$ acli system -a setSecureProperty --name my-jira.token --secret
Enter secure properties password: <password prompt>
Value for key 'my-jira.token' set in secure properties file. |
| clearSecureProperties
This action clears the entire secure properties key store file.
To ensure that a value is not accidentally removed, you are prompted for confirmation.
If you add the --force parameter, the secure property file is removed without confirmation.
To complete the action, you are prompted to insert the key store password.
If you have forgotten the password, you must manually delete the key store file in your home directory. Example: Clear all secure properties | Code Block |
|---|
| $ acli system -a clearSecureProperties
Enter secure properties password: <password prompt>
Enter CONFIRM to permanently clear all secure properties (CANNOT be undone): CONFIRM
Secure properties cleared. |
|
getSecureProperty
This action only retrieves a secure property from the key store.
To retrieve the property value, use: --outputFormat 2. |
importSecureProperties
This action allows you to import secure properties from another key store file to your default key store.
To do so, you need the password for both the source and destination key stores.
OPTIONS Note that each of the imported properties, take a regular expression value that is evaluated against the list of keys in the source key store. This can be useful for sharing selected secure properties, just ensure to not store or transmit the password with the data! | Example: Get Secure Property | Code Block |
|---|
| $ acli system -a getSecureProperty --name my-jira.token
Enter secure properties password: <password prompt>
Secure property 'foo' exists in the secure properties file. |
Example: Get Secure Property with value | Code Block |
|---|
| $ acli system -a getSecureProperty --name foo --outputFormat 2
Enter secure properties password: <password prompt>
Value of secure property 'my-jira.token': <your token value> |
| importSecureProperties
This action allows you to import secure properties from another key store file to your default key store.
To do so, you need the password for both the source and destination key stores.
OPTIONS |
export exported exported properties, take a regular expression value that is evaluated against the list of keys in the source key store.getSecurePropertyList
This action only returns all secure properties from the key store.
To retrieve the list of property value, use:
--outputFormat 2.
getSecureProperty
This action will get a secure property from the key store. By default it will only report whether or not the property was found in the key store. To also return the value, use --outputFormat 2.
removeSecureProperty
This action will remove a secure property from the key store. In order to ensure that a value is not easily removed by mistake, you will be prompted for confirmation unless you also add the --force parameter. If the key store is empty after this operation, it is automatically removed.
getSecurePropertyList
This action returns all secure properties from the key store. By default it will only report the existing property names. To also return their values, use --outputFormat 2.
clearSecureProperties
This action clears the entire secure properties key store file. In order to ensure you don’t casually destroy the file, you will be prompted for confirmation unless you also add the --force parameter.
You may be prompted for the key store password to complete this action. If you have forgotten the password and wish to start fresh, you must manually delete the key store file (see above for location information).
importSecureProperties
...
imported properties, take a regular expression value that is evaluated against the list of keys in the source key store. This can be useful for sharing |
...
selected secure properties, just |
...
ensure to not store or transmit the password with the data! |
exportSecureProperties
This action allows you to export secure properties from your default key store to another key store file. You will need the password for both the source and destination key stores. To avoid being asked to confirm overwriting properties during import, use the --replace parameter. You may also use the --include and --exclude parameters to filter the properties being imported – each of these take a regular expression value that is evaluated against the list of keys in the source key store.
Examples
Set a secure property
Example: Import secure properties | Code Block |
|---|
| $ acli system -a |
|
...
...
f import.keystore
Enter secure properties password: <destination |
|
...
...
...
inbound secure properties |
|
...
Get a secure property
| Code Block |
|---|
|
$ acli system -a getSecureProperty --name my-jira.token
Enter secure properties password: <password prompt>
Secure property 'foo' exists in the secure properties file. |
...
password: <source password prompt>
Imported 0 secure properties.
Ignored: buz,foo. Use --replace to overwrite existing values. |
Example: Import select secure properties (via inclusion) with overwrite | Code Block |
|---|
| $ acli system -a |
|
...
importSecureProperties -f import.keystore -- |
|
...
...
...
Enter secure properties password: |
|
...
<destination password prompt>
|
|
...
...
...
...
...
Get secure property list with values
| Code Block |
|---|
|
$ acli system -a getSecurePropertyList --outputFormat 2
Enter secure properties password:
2 secure properties in list
"Name","Value"
"buz","qux"
"foo","foo" |
Use a secure property in acli.properties
| Code Block |
|---|
|
my-jira = jiracloud -s https://myjira.atlassian.net -u me@example.com -t ${secret:my-jira.token} |
password prompt>
Imported 1 secure property: foo. |
|
removeSecureProperty
This action removes a secure property from the key store.
To ensure that a value is not accidentally removed, you are prompted for confirmation. If you add the --force parameter, the secure property is removed without confirmation. If after this operation the key store is empty, it is automatically removed. Example: Remove a secure property | Code Block |
|---|
| $ acli system -a removeSecureProperty --name my-jira.token
Enter secure properties password: <password prompt>
Enter CONFIRM to permanently remove the secure property 'my-jira.token': CONFIRM
Removed value for key 'my-jira.token' from secure properties file.
Deleted empty keystore file. |
|
Clear all secure properties
| Code Block |
|---|
|
$ acli system -a clearSecureProperties
Enter secure properties password: <password prompt>
Enter CONFIRM to permanently clear all secure properties (CANNOT be undone): CONFIRM
Secure properties cleared. |
Import secure properties
| Code Block |
|---|
|
$ acli system -a importSecureProperties -f import.keystore
Enter secure properties password: <destination password prompt>
Enter inbound secure properties password: <source password prompt>
Imported 0 secure properties.
Ignored: buz,foo. Use --replace to overwrite existing values. |
...
| exportSecureProperties
This action allows you to export secure properties from your default key store to another key store file.
To do so, you need the password for both the source and destination key stores. OPTIONS Note that each of the exported properties, take a regular expression value that is evaluated against the list of keys in the source key store. Example: Export select secure properties (via exclusion) with overwrite | Code Block |
|---|
| $ acli system -a |
|
...
exportSecureProperties -f |
|
...
...
exclude '(?i)^F' --replace
Enter secure properties password: |
|
...
<source password prompt>
Enter |
|
...
outbound secure properties password: |
|
...
<destination password prompt>
|
|
...
Exported 1 secure property: |
|
...
...
|
getSecurePropertyList
This action only returns all secure properties from the key store.
To retrieve the list of property value, use: --outputFormat 2. Example Get secure property list with values| Code Block |
|---|
| $ acli system -a |
|
...
...
outputFormat 2
Enter secure properties password:
|
|
...
...
...
list
"Name","Value"
"buz","qux"
"foo","foo" |
| |