Skip to content

passbolt_exec

Jump to bottom
speatzle edited this page Feb 23, 2025 · 1 revision

doc/passbolt_exec.md## passbolt exec

Run a command with secrets injected into the environment.

Synopsis

The command allows you to execute another command with environment variables that reference secrets stored in Passbolt. Any environment variables containing passbolt:// references are automatically resolved to their corresponding secret values before the specified command is executed. This ensures that secrets are securely injected into the child process's environment without exposing them to the parent shell.

For example:
export GITHUB_TOKEN=passbolt://<PASSBOLT_RESOURCE_ID_HERE>
passbolt exec -- gh auth login

This would resolve the passbolt:// reference in GITHUB_TOKEN to its actual secret value and pass it to the gh process.

passbolt exec -- command [args...] [flags]

Options

  -h, --help   help for exec

Options inherited from parent commands

      --config string                    Config File
      --debug                            Enable Debug Logging
      --mfaDelay duration                Delay between MFA Attempts, only used in noninteractive modes (default 10s)
      --mfaMode string                   How to Handle MFA, the following Modes exist: none, interactive-totp and noninteractive-totp (default "interactive-totp")
      --mfaRetrys uint                   How often to retry TOTP Auth, only used in nointeractive modes (default 3)
      --mfaTotpOffset duration           TOTP Generation offset only used in noninteractive-totp mode
      --mfaTotpToken string              Token to generate TOTP's, only used in nointeractive-totp mode
      --serverAddress string             Passbolt Server Address (https://passbolt.example.com)
      --timeout duration                 Timeout for the Context (default 1m0s)
      --tlsClientCert string             Client certificate for mtls
      --tlsClientCertFile string         Client certificate path for mtls
      --tlsClientPrivateKey string       Client private key for mtls
      --tlsClientPrivateKeyFile string   Client private key path for mtls
      --tlsSkipVerify                    Allow servers with self-signed certificates
      --userPassword string              Passbolt User Password
      --userPrivateKey string            Passbolt User Private Key
      --userPrivateKeyFile string        Passbolt User Private Key File, if set then the userPrivateKey will be Overwritten with the File Content

SEE ALSO

  • passbolt - A CLI tool to interact with Passbolt.
Clone this wiki locally