Releases: EntrustCorporation/pasmcli
pasmcli v1.6
- setup-ssh-proxy command enables admins to set up a bulk of servers for password less SSH access & onboarding of SSH secrets.
- ssh-proxy-login to login to SSH proxy with the help of server name only, without the need to specify a proxy port.
- get-vault-settings command now also includes HSM state info on the Vault.
- get-system-hsm-info command to get appliance HSM state and configuration info.
- update-vault-hsm-settings command to enable/disable/rekey HSM on the Vault, as well as to update DEK cache timeout.
Above requires Entrust KeyControl Vault version 10.2 or later.
vaultcli v1.5
-
change-ad-domain command to change AD/LDAP Domain entirely from one Domain to another, for authenticating into PASM Vault. Needs Vault admin privilege to perform this action.
-
ssh-session command no longer supported. SSH key secrets can only be accessed with proxy connection over PASM Vault.
Above requires Entrust KeyControl Vault version 10.1 or later.
vaultcli v1.4
-
create-file-secret command to create a secret by specifying a file with size limit of 5 MB
-
create-kv-secret command to create a key-value type of secret.
-
create-pwd-secret command to create a secret of type password.
-
create-esxi-host-secret command to create ESXi Host Secret.
-
create-ssh-key-secret command to create SSH key secret.
-
import-csv command to import & create secrets as specified in a properly formatted csv file.
-
get-csv-import-status command to get status of ongoing csv secret import status.
-
download-sample-csv command to download sample csv file for a given secret type.
-
cancel-csv-import command to cancel ongoing csv secret import.
-
put-esxi-host-secret-value command to put new secret value for already existing ESXi Host Secret.
-
put-file-secret command to put new file secret for pre-existing file secret type.
-
put-ssh-key-secret-value command to update existing SSH key-based secret with new value.
-
gen-passwd command to generate a password based on complexity option provided.
-
get-secret-metadata command to get metadata info of a secret, like, secret type.
-
get-secret-value command has been deprecated. To access a secret, please use checkout-secret command. Do note that, for checkout to succeed, caller should be part of Vault User Policy with permissions to access the secret.
All of the above requires Entrust KeyControl version 10.0 or later.
vaultcli v1.3
- download-audit command to download Secrets Vault audit log bundle.
- renew command to renew and extend existing logged-in session.
- get-platform-info command to get info of KeyControl on which Secrets Vault is hosted. Provides KeyControl version and Secrets Vault license state.
- set-policy-version command to set a specific Secrets Vault Policy version to current.
- list-managed-secret-plugins command to list all "managed" Secret plugins, that are installed and available.
All of the above requires Entrust KeyControl version 5.5 or later.
vaultcli v1.2
- Supports create-rotation-job, list-rotation-job and delete-rotation-job commands for Box-level rotation of managed Secrets.
- get-vault-info command to get information about the Secrets Vault.
- Support to get and update "degraded mode availability" setting via get-vault-settings and update-vault-settings commands respectively.
All of the above requires Entrust KeyControl version 5.4 or later.
vaultcli v1.1
- Supports rotate-secret command to rotate managed secrets on demand. This requires HyTrust KeyControl version 5.3 or later.
- create-box and update-box commands now support --rotation-on-checkin argument to enable or disable the rotation on checkin setting at the Vault Box level. This requires HyTrust KeyControl version 5.3 or later.
vaultcli v1.0
The vaultcli is a command line tool to manage, control and access Secrets with the HyTrust Secrets Vault.