Reference

CipherStash CLI

Command-Line Help for stash

This document contains the help content for the stash command-line program.

Command Overview:

Install the CipherStash CLI

The CipherStash CLI is used to manage your CipherStash account, workspaces, datasets, and a variety of other operational tasks. The CLI is the main way you will interact with CipherStash as a developer.

On macOS

Install via Homebrew:

1brew install cipherstash/tap/stash

macOS prompt

If macOS asks you whether you are sure you want to open "stash", please select "Open".

On Linux

Download the binary for your platform:

  1. Make the binary executable:

    1# on x86_64
    2chmod +x $path_to/stash-x86_64-unknown-linux-gnu
    3
    4# on ARM64
    5chmod +x $path_to/stash-aarch64-unknown-linux-gnu
  2. Rename the binary:

    1# on x86_64
    2mv stash-x86_64-unknown-linux-gnu stash
    3
    4# on ARM64
    5mv stash-aarch64-unknown-linux-gnu stash
  3. Place the binary on your $PATH, so you can run it.

stash

The official CLI for CipherStash.

Usage: stash [OPTIONS] <COMMAND>

Subcommands:
  • version — Print version information
  • login — Log into a CipherStash workspace
  • signup — Sign-up for an account with CipherStash
  • workspaces — List workspaces that the current logged in user has access to
  • datasets — List datasets that are available in the current workspace
  • clients — List clients for all datasets in the current workspace
  • logs — Watch the local decryption logs in the current workspace
  • access-keys — List active access keys for the current workspace
  • db-token — Manage DB Tokens
  • identify — Show identity provider details for the current workspace
Options:
  • --vitur-host <BASE_URL> — Specify an override for Vitur base URL
  • --client-id <CLIENT_ID> — Client ID returned during client creation or by running list clients
  • --client-key <CLIENT_KEY_HEX> — Client Key generated during client creation

stash version

Print version information

Usage: stash version

stash login

Log into a CipherStash workspace

Usage: stash login

stash signup

Sign-up for an account with CipherStash

Usage: stash signup

stash workspaces

List workspaces that the current logged in user has access to

Usage: stash workspaces [COMMAND]

Subcommands:
  • switch — Switch from the current default workspace to a different one

stash workspaces switch

Switch from the current default workspace to a different one

Usage: stash workspaces switch <WORKSPACE_ID>

Arguments:
  • <WORKSPACE_ID> — The ID of the workspace to switch into

stash datasets

List datasets that are available in the current workspace

Usage: stash datasets [COMMAND]

Subcommands:
  • create — Create a dataset that can be used to encrypt one or more database tables
  • enable — Enable a previously disabled dataset re-allowing encryption and decryption operations
  • modify — Modify a dataset
  • disable — Disable a dataset and disallow future encryption and decryption operations
  • config — Manage dataset configuration

stash datasets create

Create a dataset that can be used to encrypt one or more database tables

Usage: stash datasets create [OPTIONS] <NAME>

Arguments:
  • <NAME> — The name of the dataset to be created
Options:
  • --description <DESCRIPTION> — A helpful description of what the dataset will be used to encrypt

    Default value: ``

stash datasets enable

Enable a previously disabled dataset re-allowing encryption and decryption operations

Usage: stash datasets enable [OPTIONS] <DATASET_ID>

Arguments:
  • <DATASET_ID> — The UUID of the dataset to be enabled
Options:
  • --confirm — Don't prompt for confirmation

    Possible values: true, false

stash datasets modify

Modify a dataset

Usage: stash datasets modify [OPTIONS] <DATASET_ID>

Arguments:
  • <DATASET_ID> — The UUID of the dataset to be modified
Options:
  • --name <NAME> — The new name of the dataset
  • --description <DESCRIPTION> — The new description of the dataset

stash datasets disable

Disable a dataset and disallow future encryption and decryption operations

Usage: stash datasets disable [OPTIONS] <DATASET_ID>

Arguments:
  • <DATASET_ID> — The UUID of the dataset to be disabled
Options:
  • --confirm — Don't prompt for confirmation

    Possible values: true, false

stash datasets config

Manage dataset configuration

Usage: stash datasets config <COMMAND>

Subcommands:
  • upload — Upload configuration for a dataset
  • display — Display the configuration for a dataset

stash datasets config upload

Upload configuration for a dataset

Usage: stash datasets config upload [OPTIONS] --file <FILE>

Options:
  • --file <FILE> — Path to the file containing the config for the dataset in yaml format

  • -y, --assume-yes — Skip the confirmation prompt

    Possible values: true, false

stash datasets config display

Display the configuration for a dataset

Usage: stash datasets config display

stash clients

List clients for all datasets in the current workspace

Usage: stash clients [COMMAND]

Subcommands:
  • create — Create a client that can be used to programmatically access a dataset
  • revoke — Revoke a client

stash clients create

Create a client that can be used to programmatically access a dataset

Usage: stash clients create [OPTIONS] --dataset-id <DATASET_ID> <NAME>

Arguments:
  • <NAME> — The name of the client to be created
Options:
  • --description <DESCRIPTION> — A helpful description of what the client will be used for

    Default value: ``

  • --dataset-id <DATASET_ID> — The UUID of the dataset that a client should be created for

stash clients revoke

Revoke a client

Usage: stash clients revoke <CLIENT_ID>

Arguments:
  • <CLIENT_ID>

stash logs

Watch the local decryption logs in the current workspace

Usage: stash logs [OPTIONS]

Options:
  • -n, --tail <TAIL>

    Default value: 100

stash access-keys

List active access keys for the current workspace

Usage: stash access-keys [OPTIONS] [WORKSPACE_ID] [COMMAND]

Subcommands:
  • create — Create an access key for a workspace to allow programmatic access to that workspace without an account
  • revoke — Revoke a previously created access key from a workspace
Arguments:
  • <WORKSPACE_ID> — List access keys for a specific workspace
Options:
  • --all-workspaces — Optionally list access keys from all workspaces

    Default value: false

    Possible values: true, false

stash access-keys create

Create an access key for a workspace to allow programmatic access to that workspace without an account

Usage: stash access-keys create [OPTIONS] <NAME>

Arguments:
  • <NAME> — The name of the access key to be created. Maximum length is 42 characters.
Options:
  • --workspace-id <WORKSPACE_ID> — The workspace id for which the access key should be created

stash access-keys revoke

Revoke a previously created access key from a workspace

Usage: stash access-keys revoke [OPTIONS] <NAME>

Arguments:
  • <NAME>
Options:
  • --workspace-id <WORKSPACE_ID> — The workspace id of the access key to be revoked

stash db-token

Manage DB Tokens

Usage: stash db-token <COMMAND>

Subcommands:
  • create — Create a single-use DB token for a workspace to gaid adhoc DB access via a proxy running in the same workspace

stash db-token create

Create a single-use DB token for a workspace to gaid adhoc DB access via a proxy running in the same workspace

Usage: stash db-token create [WORKSPACE_ID]

Arguments:
  • <WORKSPACE_ID>

stash identify

Show identity provider details for the current workspace

Usage: stash identify <COMMAND>

Subcommands:
  • provider

stash identify provider

Usage: stash identify provider [COMMAND]

Subcommands:
  • show — Display the Identity Provider details for the workspace
  • trust — Modify the issuers for the workspace Identity Provider
  • revoke — Modify the issuers for the workspace Identity Provider

stash identify provider show

Display the Identity Provider details for the workspace

Usage: stash identify provider show [OPTIONS]

Options:
  • --workspace-id <WORKSPACE_ID> — The workspace id of the provider to be displayed

stash identify provider trust

Modify the issuers for the workspace Identity Provider

Usage: stash identify provider trust [OPTIONS]

Options:
  • --workspace-id <WORKSPACE_ID> — The workspace id of the provider to be modified
  • --issuer <ISSUER> — Issuers as comma-delimited string
  • --audience <AUDIENCE> — Audiences as comma-delimited string

stash identify provider revoke

Modify the issuers for the workspace Identity Provider

Usage: stash identify provider revoke [OPTIONS]

Options:
  • --workspace-id <WORKSPACE_ID> — The workspace id of the provider to be modified
  • --issuer — Reset Issuer
  • --audience — Reset Audience
Previous
Limitations and tradeoffs