nais secret get

nais secret get NAME [flags]

This command shows details about a secret, including its keys, workloads using it, and last modification info. Use –with-values to also fetch and display the actual secret values (access is logged for auditing).

Options

-e, --environment

Filter by environment.

--key

Name of the key to extract. Used with –to-file.

-o, --output

Format output (table or json).

--reason

Reason for accessing secret values (min 10 chars). Used with –with-values.

--to-file

Write a single key’s value to a file (implies –with-values). Requires –key. Binary values are decoded automatically.

--with-values

Also fetch and display secret values (access is logged).

Inherited options

--config

Specify the location for the configuration file.

--no-colors

Disable colors in the output.

-t, --team

Specify the team to use for this command. Overrides the default team from configuration.

-v, --verbose

Set verbosity level. Use -v for verbose, -vv for debug, -vvv for trace.

Examples

# Get details for a secret named my-secret in environment dev.
$ nais secret get my-secret --environment dev

# Get details including secret values (will prompt for reason).
$ nais secret get my-secret --environment dev --with-values

# Get details including secret values with reason provided inline.
$ nais secret get my-secret --environment dev --with-values --reason "Debugging production issue #1234"

# Extract a binary value (e.g. keystore) to a file.
$ nais secret get my-secret --environment prod --key keystore.p12 --to-file ./keystore.p12 --reason "Need keystore for local testing"