Overview#
This is a mockup of how the CLI for password vault in Dogtag (not IPA) may look like. There is no plan to implement this yet.
Initialization#
A random salt is required to generate a vault key from the vault password. The salt can be generated with a separate initialization step, or during the first add operation.
Initialization may be done with a specific command:
$ pki <auth params> vault-init
Or it can use the “change password” command:
$ pki <auth params> vault-password
Password:
Verify password:
Change Password#
$ pki <auth params> vault-password
Old password:
New password:
Verify password:
List#
$ pki <auth params> vault-find
---------------
2 entries found
---------------
Secret ID: secret1
Secret ID: secret2
----------------------------
Number of entries returned 2
----------------------------
Archival#
$ pki <auth params> vault-add secret3 --vault-password password --data mysecret
----------------------
Added secret "secret3"
----------------------
Secret ID: secret3
Retrieval#
$ pki <auth params> vault-show secret3 --vault-password password
mysecret
Removal#
$ pki <auth params> vault-del secret3
------------------------
Deleted secret "secret3"
------------------------