Reference

CipherStash CLI

This document contains the help content for the stash command-line program. Click here for the installation instructions.

Command Overview:

Install the CipherStash CLI

The CipherStash CLI is used to manage your CipherStash account, workspaces, datasets, and a variety of other operational tasks. The CLI is the main way you will interact with CipherStash as a developer.

On macOS

Install via Homebrew:

1brew install cipherstash/tap/stash
2

macOS prompt

If macOS asks you whether you are sure you want to open "stash", please select "Open".

On Linux

Download the binary for your platform:

  1. Make the binary executable:

    1# on x86_64
    2chmod +x $path_to/stash-x86_64-unknown-linux-gnu
    3
    4# on ARM64
    5chmod +x $path_to/stash-aarch64-unknown-linux-gnu
    6
  2. Rename the binary:

    1# on x86_64
    2mv stash-x86_64-unknown-linux-gnu stash
    3
    4# on ARM64
    5mv stash-aarch64-unknown-linux-gnu stash
    6
  3. Place the binary on your $PATH, so you can run it.

stash

The official CLI for CipherStash.

Usage: stash [OPTIONS] <COMMAND>

Subcommands:
  • version — Print version information
  • login — Log into a CipherStash workspace
  • signup — Sign-up for an account with CipherStash
  • workspaces — List workspaces that the current logged in user has access to
  • datasets — List datasets that are available in the current workspace
  • clients — List clients for all datasets in the current workspace
  • logs — Watch the local decryption logs in the current workspace
  • access-keys — List active access keys for the current workspace
Options:
  • --vitur-host <BASE_URL> — Specify an override for Vitur base URL
  • --client-id <CLIENT_ID> — Client ID returned during client creation or by running list clients
  • --client-key <CLIENT_KEY_HEX> — Client Key generated during client creation

stash version

Print version information

Usage: stash version

stash login

Log into a CipherStash workspace

Usage: stash login

stash signup

Sign-up for an account with CipherStash

Usage: stash signup

stash workspaces

List workspaces that the current logged in user has access to

Usage: stash workspaces [COMMAND]

Subcommands:
  • switch — Switch from the current default workspace to a different one

stash workspaces switch

Switch from the current default workspace to a different one

Usage: stash workspaces switch <WORKSPACE_ID>

Arguments:
  • <WORKSPACE_ID> — The ID of the workspace to switch into

stash datasets

List datasets that are available in the current workspace

Usage: stash datasets [COMMAND]

Subcommands:
  • create — Create a dataset that can be used to encrypt one or more database tables
  • enable — Enable a previously disabled dataset re-allowing encryption and decryption operations
  • disable — Disable a dataset and disallow future encryption and decryption operations
  • config — Manage dataset configuration

stash datasets create

Create a dataset that can be used to encrypt one or more database tables

Usage: stash datasets create [OPTIONS] <NAME>

Arguments:
  • <NAME> — The name of the dataset to be created
Options:
  • --description <DESCRIPTION> — A helpful description of what the dataset will be used to encrypt

    Default value: ``

stash datasets enable

Enable a previously disabled dataset re-allowing encryption and decryption operations

Usage: stash datasets enable [OPTIONS] <DATASET_ID>

Arguments:
  • <DATASET_ID> — The UUID of the dataset to be enabled
Options:
  • --confirm — Don't prompt for confirmation

stash datasets disable

Disable a dataset and disallow future encryption and decryption operations

Usage: stash datasets disable [OPTIONS] <DATASET_ID>

Arguments:
  • <DATASET_ID> — The UUID of the dataset to be disabled
Options:
  • --confirm — Don't prompt for confirmation

stash datasets config

Manage dataset configuration

Usage: stash datasets config <COMMAND>

Subcommands:
  • upload — Upload configuration for a dataset
  • display — Display the configuration for a dataset

stash datasets config upload

Upload configuration for a dataset

Usage: stash datasets config upload [OPTIONS] --file <FILE>

Options:
  • --file <FILE> — Path to the file containing the config for the dataset in yaml format
  • -y, --assume-yes — Skip the confirmation prompt

stash datasets config display

Display the configuration for a dataset

Usage: stash datasets config display

stash clients

List clients for all datasets in the current workspace

Usage: stash clients [COMMAND]

Subcommands:
  • create — Create a client that can be used to programmatically access a dataset
  • revoke — Revoke a client

stash clients create

Create a client that can be used to programmatically access a dataset

Usage: stash clients create [OPTIONS] --dataset-id <DATASET_ID> <NAME>

Arguments:
  • <NAME> — The name of the client to be created
Options:
  • --description <DESCRIPTION> — A helpful description of what the client will be used for

    Default value: ``

  • --dataset-id <DATASET_ID> — The UUID of the dataset that a client should be created for

stash clients revoke

Revoke a client

Usage: stash clients revoke <CLIENT_ID>

Arguments:
  • <CLIENT_ID>

stash logs

Watch the local decryption logs in the current workspace

Usage: stash logs [OPTIONS]

Options:
  • -n, --tail <TAIL>

    Default value: 100

stash access-keys

List active access keys for the current workspace

Usage: stash access-keys [WORKSPACE_ID] [COMMAND]

Subcommands:
  • create — Create an access key for a workspace to allow programmatic access to that workspace without an account
  • revoke — Revoke a previously created access key from a workspace
Arguments:
  • <WORKSPACE_ID> — Optional arg to only return access keys for a specific workspace

stash access-keys create

Create an access key for a workspace to allow programmatic access to that workspace without an account

Usage: stash access-keys create --workspace-id <WORKSPACE_ID> <NAME>

Arguments:
  • <NAME> — The name of the access key to be created
Options:
  • --workspace-id <WORKSPACE_ID> — The workspace id for which the access key should be created

stash access-keys revoke

Revoke a previously created access key from a workspace

Usage: stash access-keys revoke --workspace-id <WORKSPACE_ID> <NAME>

Arguments:
  • <NAME>
Options:
  • --workspace-id <WORKSPACE_ID> — The workspace id of the access key to be revoked

<hr/>

<small><i> This document was generated automatically by <a href="https://crates.io/crates/clap-markdown"><code>clap-markdown</code></a>. </i></small>

Previous
Limitations, quirks, and tradeoffs