Secret Server CLI Client Reference
The TSS CLI client is an integration utility that allows you to interact with Secret Server. This guide provides a quick reference for the available commands and options.
Basic Usage
tss [options] [command]
Global Options
| Switch | Abbreviated Switch | Purpose |
|---|---|---|
| --config-directory | -cd | Set the storage directory for the config files |
| --help | -h, -? | Show help information |
| --interactive | -i | Enable interactive mode |
| --key-directory | -kd | Set the storage directory for the config file encryption key |
| --verbose | -v | Output verbose errors |
Available Commands
cache
Manage the cache strategy for this instance.
tss cache [options]
| Switch | Abbreviated Switch | Purpose |
|---|---|---|
| --age | -a | The cache age defines how long an item can live |
| --bust | -b | Bust the local cache |
| --config-directory | -cd | Set the storage directory for the config files |
| --current | -c | Get the current cache settings |
| --help | -h, -? | Show help information |
| --interactive | -i | Enable interactive mode |
| --key-directory | -kd | Set the storage directory for the config file encryption key |
| --strategy | -s | The cache strategy to use (Never = 0, Server then cache = 1, Cache then server = 2, Cache then server allow fallback on expired cache = 3) |
| --verbose | -v | Output verbose errors |
exit
Exit the Secret Server CLI.
tss exit [options]
| Switch | Abbreviated Switch | Purpose |
|---|---|---|
| --config-directory | -cd | Set the storage directory for the config files |
| --help | -h, -? | Show help information |
| --interactive | -i | Enable interactive mode |
| --key-directory | -kd | Set the storage directory for the config file encryption key |
| --verbose | -v | Output verbose errors |
init
Initialize this machine to communicate with your Secret Server.
tss init [options]
| Switch | Abbreviated Switch | Purpose |
|---|---|---|
| --config-directory | -cd | Set the storage directory for the config files |
| --help | -h, -? | Show help information |
| --if-not-exist | -e | Do not generate an error if already initialized |
| --interactive | -i | Enable interactive mode |
| --key-directory | -kd | Set the storage directory for the config file encryption key |
| --onboarding-key | -k | The onboarding key for the rule |
| --rule-name | -r | The name of the rule that should be matched |
| --url | -u | The Secret Server URL (https://<name>) |
| --verbose | -v | Output verbose errors |
multi
Get the value of a field from one or more specified secrets.
tss multi [options]
| Switch | Abbreviated Switch | Purpose |
|---|---|---|
| --as-dictionary | -ad | Format secret as a dictionary of secret field/value pairs |
| --config-directory | -cd | Set the storage directory for the config files |
| --field | -f | The secret field's slug |
| --help | -h, -? | Show help information |
| --interactive | -i | Enable interactive mode |
| --key-directory | -kd | Set the storage directory for the config file encryption key |
| --output | -o | The optional output location |
| --secrets | -s | Comma-separated list of secret IDs (id1,id2,id3,...) |
| --verbose | -v | Output verbose errors |
remove
Remove configuration settings.
tss remove [options]
| Switch | Abbreviated Switch | Purpose |
|---|---|---|
| --config-directory | -cd | Set the storage directory for the config files |
| --confirm | -c | Automatically confirm this action without a confirmation prompt |
| --help | -h, -? | Show help information |
| --interactive | -i | Enable interactive mode |
| --key-directory | -kd | Set the storage directory for the config file encryption key |
| --verbose | -v | Output verbose errors |
secret
Get the value of a field from the specified secret.
tss secret [options]
| Switch | Abbreviated Switch | Purpose |
|---|---|---|
| --as-dictionary | -ad | Format secret as a dictionary of secret field/value pairs |
| --comment | -c | Add a comment |
| --config-directory | -cd | Set the storage directory for the config files |
| --field | -f | The secret field's slug |
| --help | -h, -? | Show help information |
| --interactive | -i | Enable interactive mode |
| --key-directory | -kd | Set the storage directory for the config file encryption key |
| --output | -o | The optional output location |
| --secret | -s | The ID of the secret |
| --verbose | -v | Output verbose errors |
status
Display the current connection status of the SDK client.
tss status [options]
| Switch | Abbreviated Switch | Purpose |
|---|---|---|
| --config-directory | -cd | Set the storage directory for the config files |
| --help | -h, -? | Show help information |
| --interactive | -i | Enable interactive mode |
| --key-directory | -kd | Set the storage directory for the config file encryption key |
| --verbose | -v | Output verbose errors |
token
Retrieve an access token to use in your scripts.
tss token [options]
| Switch | Abbreviated Switch | Purpose |
|---|---|---|
| --config-directory | -cd | Set the storage directory for the config files |
| --help | -h, -? | Show help information |
| --interactive | -i | Enable interactive mode |
| --key-directory | -kd | Set the storage directory for the config file encryption key |
| --verbose | -v | Output verbose errors |
version
Display the version of the SDK client.
tss version [options]
| Switch | Abbreviated Switch | Purpose |
|---|---|---|
| --config-directory | -cd | Set the storage directory for the config files |
| --full | -f | Display the full diagnostic version of the SDK client |
| --help | -h, -? | Show help information |
| --interactive | -i | Enable interactive mode |
| --key-directory | -kd | Set the storage directory for the config file encryption key |
| --verbose | -v | Output verbose errors |
