Command-Line Help for stash

This document contains the help content for the stash command-line program.

Command Overview:

• stash↴
• stash version↴
• stash login↴
• stash signup↴
• stash workspaces↴
• stash workspaces switch↴
• stash datasets↴
• stash datasets create↴
• stash datasets enable↴
• stash datasets modify↴
• stash datasets disable↴
• stash datasets config↴
• stash datasets config upload↴
• stash datasets config display↴
• stash clients↴
• stash clients create↴
• stash clients revoke↴
• stash logs↴
• stash access-keys↴
• stash access-keys create↴
• stash access-keys revoke↴
• stash db-token↴
• stash db-token create↴
• stash identify↴
• stash identify provider↴
• stash identify provider show↴
• stash identify provider trust↴
• stash identify provider revoke↴

Install the CipherStash CLI

The CipherStash CLI is used to manage your CipherStash account, workspaces, datasets, and a variety of other operational tasks. The CLI is the main way you will interact with CipherStash as a developer.

On macOS

Install via Homebrew:

1brew install cipherstash/tap/stash

On Linux

Download the binary for your platform:

• Linux ARM64
• Linux ARM64 musl
• Linux x86_64
• Linux x86_64 musl

1. Make the binary executable:

   1# on x86_64
   2chmod +x $path_to/stash-x86_64-unknown-linux-gnu
   3
   4# on ARM64
   5chmod +x $path_to/stash-aarch64-unknown-linux-gnu

2. Rename the binary:

   1# on x86_64
   2mv stash-x86_64-unknown-linux-gnu stash
   3
   4# on ARM64
   5mv stash-aarch64-unknown-linux-gnu stash

3. Place the binary on your $PATH, so you can run it.

stash

The official CLI for CipherStash.

Usage: stash [OPTIONS] <COMMAND>

Subcommands:

• version — Print version information
• login — Log into a CipherStash workspace
• signup — Sign-up for an account with CipherStash
• workspaces — List workspaces that the current logged in user has access to
• datasets — List datasets that are available in the current workspace
• clients — List clients for all datasets in the current workspace
• logs — Watch the local decryption logs in the current workspace
• access-keys — List active access keys for the current workspace
• db-token — Manage DB Tokens
• identify — Show identity provider details for the current workspace

Options:

• --vitur-host <BASE_URL> — Specify an override for Vitur base URL
• --client-id <CLIENT_ID> — Client ID returned during client creation or by running list clients
• --client-key <CLIENT_KEY_HEX> — Client Key generated during client creation

stash version

Print version information

Usage: stash version

stash login

Log into a CipherStash workspace

Usage: stash login

stash signup

Sign-up for an account with CipherStash

Usage: stash signup

stash workspaces

List workspaces that the current logged in user has access to

Usage: stash workspaces [COMMAND]

Subcommands:

• switch — Switch from the current default workspace to a different one

stash workspaces switch

Switch from the current default workspace to a different one

Usage: stash workspaces switch <WORKSPACE_ID>

Arguments:

• <WORKSPACE_ID> — The ID of the workspace to switch into

stash datasets

List datasets that are available in the current workspace

Usage: stash datasets [COMMAND]

Subcommands:

• create — Create a dataset that can be used to encrypt one or more database tables
• enable — Enable a previously disabled dataset re-allowing encryption and decryption operations
• modify — Modify a dataset
• disable — Disable a dataset and disallow future encryption and decryption operations
• config — Manage dataset configuration

stash datasets create

Create a dataset that can be used to encrypt one or more database tables

Usage: stash datasets create [OPTIONS] <NAME>

Arguments:

• <NAME> — The name of the dataset to be created

Options:

• --description <DESCRIPTION> — A helpful description of what the dataset will be used to encrypt

  Default value: ``

stash datasets enable

Enable a previously disabled dataset re-allowing encryption and decryption operations

Usage: stash datasets enable [OPTIONS] <DATASET_ID>

Arguments:

• <DATASET_ID> — The UUID of the dataset to be enabled

Options:

• --confirm — Don't prompt for confirmation

  Possible values: true, false

stash datasets modify

Modify a dataset

Usage: stash datasets modify [OPTIONS] <DATASET_ID>

Arguments:

• <DATASET_ID> — The UUID of the dataset to be modified

Options:

• --name <NAME> — The new name of the dataset
• --description <DESCRIPTION> — The new description of the dataset

stash datasets disable

Disable a dataset and disallow future encryption and decryption operations

Usage: stash datasets disable [OPTIONS] <DATASET_ID>

Arguments:

• <DATASET_ID> — The UUID of the dataset to be disabled

Options:

• --confirm — Don't prompt for confirmation

  Possible values: true, false

stash datasets config

Manage dataset configuration

Usage: stash datasets config <COMMAND>

Subcommands:

• upload — Upload configuration for a dataset
• display — Display the configuration for a dataset

stash datasets config upload

Upload configuration for a dataset

Usage: stash datasets config upload [OPTIONS] --file <FILE>

Options:

• --file <FILE> — Path to the file containing the config for the dataset in yaml format

• -y, --assume-yes — Skip the confirmation prompt

  Possible values: true, false

stash datasets config display

Display the configuration for a dataset

Usage: stash datasets config display

stash clients

List clients for all datasets in the current workspace

Usage: stash clients [COMMAND]

Subcommands:

• create — Create a client that can be used to programmatically access a dataset
• revoke — Revoke a client

stash clients create

Create a client that can be used to programmatically access a dataset

Usage: stash clients create [OPTIONS] --dataset-id <DATASET_ID> <NAME>

Arguments:

• <NAME> — The name of the client to be created

Options:

• --description <DESCRIPTION> — A helpful description of what the client will be used for

  Default value: ``

• --dataset-id <DATASET_ID> — The UUID of the dataset that a client should be created for

stash clients revoke

Revoke a client

Usage: stash clients revoke <CLIENT_ID>

Arguments:

• <CLIENT_ID>

stash logs

Watch the local decryption logs in the current workspace

Usage: stash logs [OPTIONS]

Options:

• -n, --tail <TAIL>

  Default value: 100

stash access-keys

List active access keys for the current workspace

Usage: stash access-keys [OPTIONS] [WORKSPACE_ID] [COMMAND]

Subcommands:

• create — Create an access key for a workspace to allow programmatic access to that workspace without an account
• revoke — Revoke a previously created access key from a workspace

Arguments:

• <WORKSPACE_ID> — List access keys for a specific workspace

Options:

• --all-workspaces — Optionally list access keys from all workspaces

  Default value: false

  Possible values: true, false

stash access-keys create

Create an access key for a workspace to allow programmatic access to that workspace without an account

Usage: stash access-keys create [OPTIONS] <NAME>

Arguments:

• <NAME> — The name of the access key to be created. Maximum length is 42 characters.

Options:

• --workspace-id <WORKSPACE_ID> — The workspace id for which the access key should be created

stash access-keys revoke

Revoke a previously created access key from a workspace

Usage: stash access-keys revoke [OPTIONS] <NAME>

Arguments:

• <NAME>

Options:

• --workspace-id <WORKSPACE_ID> — The workspace id of the access key to be revoked

stash db-token

Manage DB Tokens

Usage: stash db-token <COMMAND>

Subcommands:

• create — Create a single-use DB token for a workspace to gaid adhoc DB access via a proxy running in the same workspace

stash db-token create

Create a single-use DB token for a workspace to gaid adhoc DB access via a proxy running in the same workspace

Usage: stash db-token create [WORKSPACE_ID]

Arguments:

• <WORKSPACE_ID>

stash identify

Show identity provider details for the current workspace

Usage: stash identify <COMMAND>

Subcommands:

• provider —

stash identify provider

Usage: stash identify provider [COMMAND]

Subcommands:

• show — Display the Identity Provider details for the workspace
• trust — Modify the issuers for the workspace Identity Provider
• revoke — Modify the issuers for the workspace Identity Provider

stash identify provider show

Display the Identity Provider details for the workspace

Usage: stash identify provider show [OPTIONS]

Options:

• --workspace-id <WORKSPACE_ID> — The workspace id of the provider to be displayed

stash identify provider trust

Modify the issuers for the workspace Identity Provider

Usage: stash identify provider trust [OPTIONS]

Options:

• --workspace-id <WORKSPACE_ID> — The workspace id of the provider to be modified
• --issuer <ISSUER> — Issuers as comma-delimited string
• --audience <AUDIENCE> — Audiences as comma-delimited string

stash identify provider revoke

Modify the issuers for the workspace Identity Provider

Usage: stash identify provider revoke [OPTIONS]

Options:

• --workspace-id <WORKSPACE_ID> — The workspace id of the provider to be modified
• --issuer — Reset Issuer
• --audience — Reset Audience