Overview
Add CLI support for the Secrets Management API, which manages secrets used in integrations and workflows.
API Endpoints to Implement
Based on analysis of https://docs.cortex.io/api, the following endpoints need CLI commands:
Secrets
POST /api/v1/secrets - Create secretGET /api/v1/secrets - List secrets (metadata only)GET /api/v1/secrets/{id} - Get secret metadataPUT /api/v1/secrets/{id} - Update secretDELETE /api/v1/secrets/{id} - Delete secret
Note: Secrets API returns metadata only (name, description, created date), not secret values, for security reasons.
Proposed CLI Structure
# Secrets Management
cortex secrets create --name <name> --value <value> [--description <desc>]
cortex secrets create -f <file> # For batch creation
cortex secrets list
cortex secrets get --id <id>
cortex secrets get --name <name>
cortex secrets update --id <id> --value <value> [--description <desc>]
cortex secrets delete --id <id>
cortex secrets delete --name <name>
Implementation Notes
- Create new command module:
cortexapps_cli/commands/secrets.py
- Follow existing patterns from
api_keys.py for sensitive data handling
- Security considerations:
- Never log or print secret values
- Support reading values from stdin or file (not just CLI args)
- Warn users about command history exposure when using
--value flag
- Recommend using
-f with files or stdin for secret values
- Support both interactive and file-based input
- Add appropriate test coverage in
tests/test_secrets.py
- Consider adding
--force flag for delete operations
Security Best Practices
# Recommended: Read from file
cortex secrets create --name my-secret -f secret.txt
# Recommended: Read from stdin
echo "secret-value" | cortex secrets create --name my-secret -f-
# Not recommended (appears in shell history)
cortex secrets create --name my-secret --value "secret-value"
Priority
Medium-High - Essential for workflow and integration management
Business Impact
Enables customers to manage secrets for:
- Custom workflows
- Integration configurations
- CI/CD pipelines
- Automation scripts
Currently, users may need to manage secrets through the UI, which limits automation capabilities.
References
Overview
Add CLI support for the Secrets Management API, which manages secrets used in integrations and workflows.
API Endpoints to Implement
Based on analysis of https://docs.cortex.io/api, the following endpoints need CLI commands:
Secrets
POST /api/v1/secrets- Create secretGET /api/v1/secrets- List secrets (metadata only)GET /api/v1/secrets/{id}- Get secret metadataPUT /api/v1/secrets/{id}- Update secretDELETE /api/v1/secrets/{id}- Delete secretNote: Secrets API returns metadata only (name, description, created date), not secret values, for security reasons.
Proposed CLI Structure
Implementation Notes
cortexapps_cli/commands/secrets.pyapi_keys.pyfor sensitive data handling--valueflag-fwith files or stdin for secret valuestests/test_secrets.py--forceflag for delete operationsSecurity Best Practices
Priority
Medium-High - Essential for workflow and integration management
Business Impact
Enables customers to manage secrets for:
Currently, users may need to manage secrets through the UI, which limits automation capabilities.
References