This document contains the help content for the stash command-line program.

Command overview:

• stash↴
• stash access-keys↴
• stash access-keys list↴
• stash access-keys create↴
• stash access-keys revoke↴
• stash clients↴
• stash clients create↴
• stash clients revoke↴
• stash keysets↴
• stash keysets create↴
• stash keysets enable↴
• stash keysets modify↴
• stash keysets disable↴
• stash login↴
• stash oidc↴
• stash oidc providers↴
• stash oidc providers list↴
• stash oidc providers create↴
• stash oidc providers delete↴
• stash setup↴
• stash signup↴
• stash workspaces↴
• stash workspaces switch↴
• stash workspaces create↴
• stash version↴

The official CLI for CipherStash.

Usage: stash <COMMAND>

• access-keys — Manage access keys for the workspace
• clients — List clients for all datasets in the current workspace
• keysets — List the keysets that are available in the current workspace
• login — Log into a CipherStash workspace
• oidc — Manage Open ID Connect settings for the workspace
• setup — Setup your environment for the first time
• signup — Sign-up for an account with CipherStash
• workspaces — List workspaces that the current logged in user has access to
• version — Print version information

Manage access keys for the workspace

Usage: stash access-keys [COMMAND]

• list — List the access keys for the workspace
• create — Create an access key for non-interactive operations
• revoke — Revoke a previously created access key

List the access keys for the workspace

Usage: stash access-keys list

Create an access key for non-interactive operations

Usage: stash access-keys create <NAME>

• <NAME> — The name of the access key to be created. Maximum length is 42 characters

Revoke a previously created access key

Usage: stash access-keys revoke <NAME>

• <NAME> — The name of the access key to be revoked and deleted

List clients for all datasets in the current workspace

Usage: stash clients [COMMAND]

• create — Create a client that can be used to programmatically access a dataset
• revoke — Revoke a client

Create a client that can be used to programmatically access a dataset

Usage: stash clients create [OPTIONS] --keyset-id <KEYSET_ID> <NAME>

• <NAME> — The name of the client to be created

• --description <DESCRIPTION> — A helpful description of what the client will be used for

  Default value: ``

• --keyset-id <KEYSET_ID> — The UUID of the dataset that a client should be created for

Revoke a client

Usage: stash clients revoke --client-id <CLIENT_ID>

• -c, --client-id <CLIENT_ID> — The client id to revoke

List the keysets that are available in the current workspace

Usage: stash keysets [OPTIONS] [COMMAND]

• create — Create a keyset that can be used to encrypt a collection of data
• enable — Enable a previously disabled keyset re-allowing encryption and decryption operations
• modify — Modify a keyset
• disable — Disable a keyset and disallow future encryption and decryption operations

• --include-disabled

  Default value: false

Create a keyset that can be used to encrypt a collection of data

Usage: stash keysets create [OPTIONS] <NAME>

• <NAME> — The name of the dataset to be created

• --description <DESCRIPTION> — A helpful description of what the keyset will be used to encrypt

  Default value: ``

Enable a previously disabled keyset re-allowing encryption and decryption operations

Usage: stash keysets enable [OPTIONS] <DATASET_ID>

• <DATASET_ID> — The UUID of the keyset to be enabled

• --force — Don't prompt for confirmation

Modify a keyset

Usage: stash keysets modify [OPTIONS] <KEYSET_ID>

• <KEYSET_ID> — The UUID of the keyset to be modified

• --name <NAME> — The new name of the keyset
• --description <DESCRIPTION> — The new description of the keyset

Disable a keyset and disallow future encryption and decryption operations

Usage: stash keysets disable [OPTIONS] <KEYSET_ID>

• <KEYSET_ID> — The UUID of the keyset to be disabled

• --force — Don't prompt for confirmation

Log into a CipherStash workspace

Usage: stash login

Manage Open ID Connect settings for the workspace

Usage: stash oidc <COMMAND>

• providers — Manage the OIDC Provider(s) for the workspace

Manage the OIDC Provider(s) for the workspace

Usage: stash oidc providers [COMMAND]

• list — List the OIDC Providers for the workspace
• create — Add a new OIDC Provider to the workspace
• delete — Delete an OIDC Provider from the workspace via its ID

List the OIDC Providers for the workspace

Usage: stash oidc providers list

Add a new OIDC Provider to the workspace

Usage: stash oidc providers create <VENDOR> <ISSUER>

• <VENDOR> — The vendor of the issuer

  Possible values: auth0, okta, clerk

• <ISSUER> — The Url of the issuer

Delete an OIDC Provider from the workspace via its ID

Usage: stash oidc providers delete <ID>

• <ID> — The id of the provider to be deleted

Setup your environment for the first time

Usage: stash setup [OPTIONS]

• --proxy — Save an env file for docker compose with CipherStash Proxy

  Default value: false

Sign-up for an account with CipherStash

Usage: stash signup

List workspaces that the current logged in user has access to

Usage: stash workspaces [OPTIONS] [COMMAND]

• switch — Switch from the current default workspace to a different one
• create — Create a new workspace for a certain host

• --all — List all workspaces in the instance instead of just user workspaces

  Default value: false

Switch from the current default workspace to a different one

Usage: stash workspaces switch [OPTIONS]

• --workspace-id <WORKSPACE_ID> — The workspace ID to switch to If not provided, you can select from a list of available workspaces

Create a new workspace for a certain host

Usage: stash workspaces create --region <REGION> --name <NAME>

• --region <REGION> — The Region where the workspace should be created in, with the cloud provider (eg. ap-southeast2.aws)
• --name <NAME> — A name (required) for the workspace

Print version information

Usage: stash version