CLI for Secrets Manager

Use the secrets-mgr commands to automate your Secrets Manager Processes. For more information about how to use these commands, refer to the Secrets Manager documentation.

Command	Description
secrets-mgr:secret-group:create	Creates a new secret group
secrets-mgr:secret-group:delete	Deletes a secret group
secrets-mgr:secret-group:describe	Shows details of a secret group
secrets-mgr:secret-group:list	Lists secret groups
secrets-mgr:secret-group:modify	Modifies a secret group
secrets-mgr:shared-secret:create	Creates a shared secret in a secret group
secrets-mgr:shared-secret:describe	Shows details of a shared secret
secrets-mgr:shared-secret:list	Lists all shared secrets in a secret group
secrets-mgr:shared-secret:modify	Modifies a shared secret
secrets-mgr:shared-secret:replace	Replaces an existing shared secret
secrets-mgr:certificate:create	Creates a new certificate secret
secrets-mgr:certificate:describe	Shows details of a certificate secret
secrets-mgr:certificate:list	Lists all certificate secrets in a secret group
secrets-mgr:certificate:modify	Modifies a certificate secret
secrets-mgr:certificate:replace	Replaces an existing certificate secret
secrets-mgr:keystore:create	Creates a new keystore secret
secrets-mgr:keystore:describe	Shows details of a keystore secret
secrets-mgr:keystore:list	Lists all keystore secrets in a secret group
secrets-mgr:keystore:modify	Modifies a keystore secret
secrets-mgr:keystore:replace	Replaces an existing keystore secret
secrets-mgr:truststore:create	Creates a new truststore secret
secrets-mgr:truststore:describe	Shows details of a truststore secret
secrets-mgr:truststore:list	Lists all truststore secrets in a secret group
secrets-mgr:truststore:modify	Modifies a truststore secret
secrets-mgr:truststore:replace	Replaces an existing truststore secret
secrets-mgr:tls-context:mule:create	Creates a new Mule TLS context secret
secrets-mgr:tls-context:mule:describe	Shows details of a Mule TLS context secret
secrets-mgr:tls-context:mule:list	Lists all Mule TLS context secrets in a secret group
secrets-mgr:tls-context:mule:modify	Modifies a Mule TLS context secret
secrets-mgr:tls-context:mule:replace	Replaces an existing Mule TLS context secret
secrets-mgr:tls-context:flex-gateway:create	Creates a new Flex Gateway TLS context secret
secrets-mgr:tls-context:flex-gateway:describe	Shows details of a Flex Gateway TLS context secret
secrets-mgr:tls-context:flex-gateway:list	Lists all Flex Gateway TLS context secrets in a secret group
secrets-mgr:tls-context:flex-gateway:modify	Modifies a Flex Gateway TLS context secret
secrets-mgr:tls-context:flex-gatway:replace	Replaces an existing Flex Gateway TLS context secret

Command

Description

secrets-mgr:secret-group:create

Creates a new secret group

secrets-mgr:secret-group:delete

Deletes a secret group

secrets-mgr:secret-group:describe

Shows details of a secret group

secrets-mgr:secret-group:list

Lists secret groups

secrets-mgr:secret-group:modify

Modifies a secret group

secrets-mgr:shared-secret:create

Creates a shared secret in a secret group

secrets-mgr:shared-secret:describe

Shows details of a shared secret

secrets-mgr:shared-secret:list

Lists all shared secrets in a secret group

secrets-mgr:shared-secret:modify

Modifies a shared secret

secrets-mgr:shared-secret:replace

Replaces an existing shared secret

secrets-mgr:certificate:create

Creates a new certificate secret

secrets-mgr:certificate:describe

Shows details of a certificate secret

secrets-mgr:certificate:list

Lists all certificate secrets in a secret group

secrets-mgr:certificate:modify

Modifies a certificate secret

secrets-mgr:certificate:replace

Replaces an existing certificate secret

secrets-mgr:keystore:create

Creates a new keystore secret

secrets-mgr:keystore:describe

Shows details of a keystore secret

secrets-mgr:keystore:list

Lists all keystore secrets in a secret group

secrets-mgr:keystore:modify

Modifies a keystore secret

secrets-mgr:keystore:replace

Replaces an existing keystore secret

secrets-mgr:truststore:create

Creates a new truststore secret

secrets-mgr:truststore:describe

Shows details of a truststore secret

secrets-mgr:truststore:list

Lists all truststore secrets in a secret group

secrets-mgr:truststore:modify

Modifies a truststore secret

secrets-mgr:truststore:replace

Replaces an existing truststore secret

secrets-mgr:tls-context:mule:create

Creates a new Mule TLS context secret

secrets-mgr:tls-context:mule:describe

Shows details of a Mule TLS context secret

secrets-mgr:tls-context:mule:list

Lists all Mule TLS context secrets in a secret group

secrets-mgr:tls-context:mule:modify

Modifies a Mule TLS context secret

secrets-mgr:tls-context:mule:replace

Replaces an existing Mule TLS context secret

secrets-mgr:tls-context:flex-gateway:create

Creates a new Flex Gateway TLS context secret

secrets-mgr:tls-context:flex-gateway:describe

Shows details of a Flex Gateway TLS context secret

secrets-mgr:tls-context:flex-gateway:list

Lists all Flex Gateway TLS context secrets in a secret group

secrets-mgr:tls-context:flex-gateway:modify

Modifies a Flex Gateway TLS context secret

secrets-mgr:tls-context:flex-gatway:replace

Replaces an existing Flex Gateway TLS context secret

secrets-mgr:secret-group:create

> secrets-mgr:secret-group:create [flags]

Creates a new secret group with the name specified by --name

Prompt the --downloadable flag if the secrets in this group are referenced in an API Manager proxy.

This command accepts the default flags.

secrets-mgr:secret-group:delete

> secrets-mgr:secret-group:delete [flags]

Deletes the secret group specified by --id

This command does not prompt for confirmation before deleting.

This command accepts the default flags.

secrets-mgr:secret-group:describe

> secrets-mgr:secret-group:describe [flags]

Returns the details of a secret group specified by --id

This command accepts the default flags.

secrets-mgr:secret-group:list

> secrets-mgr:secret-group:list [flags]

Lists all your secret groups, including the name and ID

This command accepts the default flags.

secrets-mgr:secret-group:modify

> secrets-mgr:secret-group:modify [flags]

Modifies a secret group specified by --id

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--name`	Name for your secret group	`--name TestSecretGroup`
`--downloadable`	Secrets in this group are referenced in an API Manager proxy	`--downloadable`
`--no-downloadable`	Secrets in this group are not referenced in an API Manager proxy	`--no-downloadable`

--name

Name for your secret group

--name TestSecretGroup

--downloadable

Secrets in this group are referenced in an API Manager proxy

--downloadable

--no-downloadable

Secrets in this group are not referenced in an API Manager proxy

--no-downloadable

secrets-mgr:shared-secret:create

> secrets-mgr:shared-secret:create [flags]

Creates a new shared secret in the secret group specified by --group-id, using the name specified by --name and the type specified by --type

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--group-id`	Secret group ID (required)	`--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d`
`--name`	Name for your secret	`--name TestSecret`
`--type`	Choose the shared secret type (required) Options: `Blob`, `UsernamePassword`, `SymmetricKey`, `S3Credential`	`--type UsernamePassword`
`--content`	Blob text content (for `blob` type secrets)	`--type Blob --content example`
`--expiration-date`	Expiration date for the secret	`--expiration-date 01/01/2025`
`--key`	Key value (for `SymmetricKey` type secrets)	`--type SymmetricKey --key 49324329`
`--access-key-id`	S3 access key id (for `S3Credential` type secrets)	`--type S3Credential -access-key-id 03249348324`
`--secret-access-key`	S3 secret access key (for `S3Credential` type secrets)	`-type S3Credential -secret-access-key 00000000000`
`--secret-password`	Password (for `UsernamePassword` type secrets)	`-type UsernamePassword -secret-password testpassword12`
`--secret-username`	Username (for `UsernamePassword` type secrets)	`-type UsernamePassword -secret-username mulesoft-username`

--group-id

Secret group ID (required)

--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d

--name

Name for your secret

--name TestSecret

--type

Choose the shared secret type (required)
Options: Blob, UsernamePassword, SymmetricKey, S3Credential

--type UsernamePassword

--content

Blob text content (for blob type secrets)

--type Blob --content example

--expiration-date

Expiration date for the secret

--expiration-date 01/01/2025

--key

Key value (for SymmetricKey type secrets)

--type SymmetricKey --key 49324329

--access-key-id

S3 access key id (for S3Credential type secrets)

--type S3Credential -access-key-id 03249348324

--secret-access-key

S3 secret access key (for S3Credential type secrets)

-type S3Credential -secret-access-key 00000000000

--secret-password

Password (for UsernamePassword type secrets)

-type UsernamePassword -secret-password testpassword12

--secret-username

Username (for UsernamePassword type secrets)

-type UsernamePassword -secret-username mulesoft-username

secrets-mgr:shared-secret:describe

> secrets-mgr:shared-secret:describe [flags]

Returns the details of a shared secret specified by --id from the secret group specified by --group-id

This command accepts the default flags.

The output does not include any sensitive or secret data.

secrets-mgr:shared-secret:list

> secrets-mgr:shared-secret:list [flags]

Lists all shared secrets in a secret group specified by --group-id

This command accepts the default flags.

secrets-mgr:shared-secret:modify

> secrets-mgr:shared-secret:modify [flags]

Modifies the name or expiration date for a shared secret specified by --id, from the secret group specified by --group-id

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--name`	New name for the shared secret	`--name TestSharedSecret`
`--expiration-date`	New expiration date for the shared secret	`--expiration-date 2025-01-25`

--name

New name for the shared secret

--name TestSharedSecret

--expiration-date

New expiration date for the shared secret

--expiration-date 2025-01-25

secrets-mgr:secret-group:replace

> secrets-mgr:shared-secret:replace [flags]

Replaces an existing shared secret specified by --id, from the secret group specified by --group-id, using the type specified by --type

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--id`	Secret ID (required)	`--id 6e8417f6-2ca7-417a-82b6-047189a18b53`
`--group-id`	Secret Group ID (required)	`--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d`
`--type`	Shared secret type (required) The value must match the existing secret type.	`--type Blob`
`--name`	New name for your shared secret	`--name TestSharedSecret`
`--content`	Blob text content (for `blob` type secrets)	`--type Blob --content example`
`--expiration-date`	Expiration date for the secret	`--expiration-date 2025-01-25`
`--key`	Key value (for `SymmetricKey` type secrets)	`--type SymmetricKey --key 49324329`
`--access-key-id`	S3 access key id (for `S3Credential` type secrets)	`--type S3Credential -access-key-id 03249348324`
`--secret-access-key`	S3 secret access key (for `S3Credential` type secrets)	`-type S3Credential -secret-access-key 00000000000`
`--secret-password`	Password (for `UsernamePassword` type secrets)	`-type UsernamePassword -secret-password testpassword12`
`--secret-username`	Username (for `UsernamePassword` type secrets)	`-type UsernamePassword -secret-username mulesoft-username`

--id

Secret ID (required)

--id 6e8417f6-2ca7-417a-82b6-047189a18b53

--group-id

Secret Group ID (required)

--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d

--type

Shared secret type (required)
The value must match the existing secret type.

--type Blob

--name

New name for your shared secret

--name TestSharedSecret

--content

Blob text content (for blob type secrets)

--type Blob --content example

--expiration-date

Expiration date for the secret

--expiration-date 2025-01-25

--key

Key value (for SymmetricKey type secrets)

--type SymmetricKey --key 49324329

--access-key-id

S3 access key id (for S3Credential type secrets)

--type S3Credential -access-key-id 03249348324

--secret-access-key

S3 secret access key (for S3Credential type secrets)

-type S3Credential -secret-access-key 00000000000

--secret-password

Password (for UsernamePassword type secrets)

-type UsernamePassword -secret-password testpassword12

--secret-username

Username (for UsernamePassword type secrets)

-type UsernamePassword -secret-username mulesoft-username

secrets-mgr:certificate:create

> secrets-mgr:certificate:create [flags]

Creates a new certificate secret in the secret group specified by --group-id, using the name specified by --name and the type specified by --type

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--group-id`	Secret group ID (required)	`--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d`
`--name`	Name for your secret (required)	`--name TestSecret`
`--type`	Choose the certificate secret type (required) Options: `PEM`	`--type PEM`
`--cert-file`	Certificate file path	`--cert-file ./example-cert.pem`
`--expiration-date`	Expiration date for the secret	`--expiration-date 2025-01-25`

--group-id

Secret group ID (required)

--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d

--name

Name for your secret (required)

--name TestSecret

--type

Choose the certificate secret type (required)
Options: PEM

--type PEM

--cert-file

Certificate file path

--cert-file ./example-cert.pem

--expiration-date

Expiration date for the secret

--expiration-date 2025-01-25

secrets-mgr:certificate:describe

> secrets-mgr:certificate:describe [flags]

Returns the details of a certificate secret specified by --id from the secret group specified by --group-id

This command accepts the default flags.

The output does not include any sensitive or secret data.

secrets-mgr:certificate:list

> secrets-mgr:certificate:list [flags]

Lists all certificate secrets in a secret group specified by --group-id

This command accepts the default flags.

secrets-mgr:certificate:modify

> secrets-mgr:certificate:modify [flags]

Modifies the name or expiration date for a certificate secret specified by --id from the group specified by --group-id

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--name`	New name for the certificate secret	`--name TestCertificateSecret`
`--expiration-date`	New expiration date for the keystore secret	`--expiration-date 2025-01-25`

--name

New name for the certificate secret

--name TestCertificateSecret

--expiration-date

New expiration date for the keystore secret

--expiration-date 2025-01-25

secrets-mgr:certificate:replace

> secrets-mgr:certificate:replace [flags]

Replaces an existing certificate secret specified by --id, from the secret group specified by --group-id, using the type specified by --type

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--id`	Secret ID (required)	`--id 6e8417f6-2ca7-417a-82b6-047189a18b53`
`--group-id`	Secret Group ID (required)	`--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d`
`--type`	Certificate secret type (required) The value must match the existing secret type	`--type PEM`
`--name`	New name for your shared secret	`--name TestSharedSecret`
`--cert-file`	Certificate file type	`--cert-file ./example-cert.pem`
`--expiration-date`	Expiration date for the secret	`--expiration-date 2025-01-25`

--id

Secret ID (required)

--id 6e8417f6-2ca7-417a-82b6-047189a18b53

--group-id

Secret Group ID (required)

--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d

--type

Certificate secret type (required)
The value must match the existing secret type

--type PEM

--name

New name for your shared secret

--name TestSharedSecret

--cert-file

Certificate file type

--cert-file ./example-cert.pem

--expiration-date

Expiration date for the secret

--expiration-date 2025-01-25

secrets-mgr:keystore:create

> secrets-mgr:keystore:create [flags]

Creates a new keystore secret in the secret group specified by --group-id, using the name specified by --name and the type specified by --type

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--group-id`	Secret group ID (required)	`--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d`
`--name`	Name for your secret (required)	`--name TestSecret`
`--type`	Keystore secret type (required) Options: `PEM`, `JKS`, `PKCS12`, `JCEKS`	`--type PEM`
`--algorithm`	Key manager factory algorithm for `JKS`, `PKCS12`, and `JCEKS` keystore secrets	`--algorithm PKIX`
`--alias`	Alias for the key used in `JKS`, `PKCS12`, and `JCEKS` keystore secrets	`--alias KeyAliasExample`
`--capath-file`	CA path certificate file for `PEM` keystore secrets	`--capath-file ./example-capath.pem`
`--expiration-date`	Expiration date for the secret	`--expiration-date 2025-01-25`
`--key-file`	Key file for PEM keystore secrets	`--key-file ./example-key.pem`
`--key-passphrase`	Passphrase required for `JKS`, `PKCS12` and `JCEKS` keystore secrets Optional for `PEM` keystore secrets	`--key-passphrase examplePassphrase`
`--keystore-file`	Keystore filepath for `JKS`, `PKCS12`, and `JCEKS` type secrets	`--keystore-file ./keystorefile.jks`
`--store-passphrase`	Passphrase for the `JKS`, `PKCS12`, and `JCEKS` type secrets	`--store-passphrase ExampleStorePassphrase`

--group-id

Secret group ID (required)

--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d

--name

Name for your secret (required)

--name TestSecret

--type

Keystore secret type (required)
Options: PEM, JKS, PKCS12, JCEKS

--type PEM

--algorithm

Key manager factory algorithm for JKS, PKCS12, and JCEKS keystore secrets

--algorithm PKIX

--alias

Alias for the key used in JKS, PKCS12, and JCEKS keystore secrets

--alias KeyAliasExample

--capath-file

CA path certificate file for PEM keystore secrets

--capath-file ./example-capath.pem

--expiration-date

Expiration date for the secret

--expiration-date 2025-01-25

--key-file

Key file for PEM keystore secrets

--key-file ./example-key.pem

--key-passphrase

Passphrase required for JKS, PKCS12 and JCEKS keystore secrets
Optional for PEM keystore secrets

--key-passphrase examplePassphrase

--keystore-file

Keystore filepath for JKS, PKCS12, and JCEKS type secrets

--keystore-file ./keystorefile.jks

--store-passphrase

Passphrase for the JKS, PKCS12, and JCEKS type secrets

--store-passphrase ExampleStorePassphrase

secrets-mgr:keystore:describe

> secrets-mgr:keystore:describe [flags]

Returns the details of a keystore secret specified by --id from the secret group specified by --group-id

This command accepts the default flags.

The output doesn’t include any sensitive or secret data.

secrets-mgr:keystore:list

> secrets-mgr:keystore:list [flags]

Lists all keystore secrets in a secret group specified by --group-id

This command accepts the default flags.

secrets-mgr:keystore:modify

> secrets-mgr:keystore:modify [flags]

Modifies the name or expiration date for a keystore secret specified by --id from the group specified by --group-id

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--name`	New name for the keystore secret	`--name TestKeystoreSecret`
`--expiration-date`	New expiration date for the keystore secret	`--expiration-date 2025-01-25`

--name

New name for the keystore secret

--name TestKeystoreSecret

--expiration-date

New expiration date for the keystore secret

--expiration-date 2025-01-25

secrets-mgr:keystore:replace

> secrets-mgr:keystore:replace [flags]

Replaces an existing keystore secret specified by --id, from the secret group specified by --group-id, using the type specified by --type

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--id`	Secret ID (required)	`--id 6e8417f6-2ca7-417a-82b6-047189a18b53`
`--type`	Choose the keystore secret type (required) Options: `PEM`, `JKS`, `PKCS12`, `JCEKS`	`--type PEM`
`--algorithm`	Key manager factory algorithm for `JKS`, `PKCS12`, and `JCEKS` keystore secrets	`--algorithm PKIX`
`--alias`	Alias for the key used in `JKS`, `PKCS12`, and `JCEKS` keystore secrets	`--alias KeyAliasExample`
`--capath-file`	CA path certificate file for `PEM` keystore secrets	`--capath-file ./example-capath.pem`
`--expiration-date`	Expiration date for the secret	`--expiration-date 2025-01-25`
`--key-file`	Key file for PEM keystore secrets	`--key-file ./example-key.pem`
`--key-passphrase`	Passphrase required for `JKS`, `PKCS12` and `JCEKS` keystore secrets Optional for `PEM` keystore secrets	`--key-passphrase examplePassphrase`
`--keystore-file`	Keystore filepath for `JKS`, `PKCS12`, and `JCEKS` type secrets	`--keystore-file ./keystorefile.jks`
`--name`	Name for your secret	`--name TestSecret`
`--store-passphrase`	Passphrase for the `JKS`, `PKCS12`, and `JCEKS` type secrets	`--store-passphrase ExampleStorePassphrase`

--id

Secret ID (required)

--id 6e8417f6-2ca7-417a-82b6-047189a18b53

--type

Choose the keystore secret type (required)
Options: PEM, JKS, PKCS12, JCEKS

--type PEM

--algorithm

Key manager factory algorithm for JKS, PKCS12, and JCEKS keystore secrets

--algorithm PKIX

--alias

Alias for the key used in JKS, PKCS12, and JCEKS keystore secrets

--alias KeyAliasExample

--capath-file

CA path certificate file for PEM keystore secrets

--capath-file ./example-capath.pem

--expiration-date

Expiration date for the secret

--expiration-date 2025-01-25

--key-file

Key file for PEM keystore secrets

--key-file ./example-key.pem

--key-passphrase

Passphrase required for JKS, PKCS12 and JCEKS keystore secrets
Optional for PEM keystore secrets

--key-passphrase examplePassphrase

--keystore-file

Keystore filepath for JKS, PKCS12, and JCEKS type secrets

--keystore-file ./keystorefile.jks

--name

Name for your secret

--name TestSecret

--store-passphrase

Passphrase for the JKS, PKCS12, and JCEKS type secrets

--store-passphrase ExampleStorePassphrase

secrets-mgr:truststore:create

> secrets-mgr:truststore:create [flags]

Creates a new truststore secret in the secret group specified by --group-id, using the name specified by --name and the type specified by --type

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--group-id`	Secret group ID (required)	`--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d`
`--name`	Name for your secret (required)	`--name TestSecret`
`--type`	Choose the truststore secret type (required) Options: `PEM`, `JKS`, `PKCS12`, `JCEKS`	`--type PEM`
`--truststore-file`	Truststore filepath (required)	`--truststore-file ./truststorefile.pem`
`--algorithm`	Key manager factory algorithm for `JKS`, `PKCS12`, and `JCEKS` keystore secrets	`--algorithm SUNX509`
`--expiration-date`	Expiration date for the secret	`--expiration-date 2025-01-25`
`--store-passphrase`	Passphrase required for `JKS`, `PKCS12` and `JCEKS` keystore secrets	`--store-passphrase examplePassphrase`

--group-id

Secret group ID (required)

--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d

--name

Name for your secret (required)

--name TestSecret

--type

Choose the truststore secret type (required)
Options: PEM, JKS, PKCS12, JCEKS

--type PEM

--truststore-file

Truststore filepath (required)

--truststore-file ./truststorefile.pem

--algorithm

Key manager factory algorithm for JKS, PKCS12, and JCEKS keystore secrets

--algorithm SUNX509

--expiration-date

Expiration date for the secret

--expiration-date 2025-01-25

--store-passphrase

Passphrase required for JKS, PKCS12 and JCEKS keystore secrets

--store-passphrase examplePassphrase

secrets-mgr:truststore:describe

> secrets-mgr:truststore:describe [flags]

Returns the details of a truststore secret specified by --id from the secret group specified by --group-id

This command accepts the default flags.

The output does not include any sensitive or secret data.

secrets-mgr:truststore:list

> secrets-mgr:truststore:list [flags]

Lists all truststore secrets in a secret group specified by --group-id

This command accepts the default flags.

secrets-mgr:truststore:modify

> secrets-mgr:truststore:modify [flags]

Modifies the name or expiration date for a truststore secret specified by --id from the group specified by --group-id

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--name`	New name for the truststore secret	`--name TestTruststoreSecret`
`--expiration-date`	New expiration date for the truststore secret	`--expiration-date 2025-01-25`

--name

New name for the truststore secret

--name TestTruststoreSecret

--expiration-date

New expiration date for the truststore secret

--expiration-date 2025-01-25

secrets-mgr:truststore:replace

> secrets-mgr:truststore:replace [flags]

Replaces an existing truststore secret specified by --id, from the secret group specified by --group-id, using the type specified by --type

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--id`	Secret ID (required)	`--id 6e8417f6-2ca7-417a-82b6-047189a18b53`
`--type`	Choose the truststore secret type (required) Options: `PEM`, `JKS`, `PKCS12`, `JCEKS`	`--type PEM`
`--truststore-file`	Truststore filepath (required)	`--truststore-file ./truststorefile.pem`
`--algorithm`	Key manager factory algorithm for `JKS`, `PKCS12`, and `JCEKS` keystore secrets	`--algorithm SUNX509`
`--expiration-date`	Expiration date for the secret	`--expiration-date 2025-01-25`
`--name`	Name for your secret	`--name TestSecret`
`--store-passphrase`	Passphrase required for `JKS`, `PKCS12` and `JCEKS` keystore secrets	`--store-passphrase examplePassphrase`

--id

Secret ID (required)

--id 6e8417f6-2ca7-417a-82b6-047189a18b53

--type

Choose the truststore secret type (required)
Options: PEM, JKS, PKCS12, JCEKS

--type PEM

--truststore-file

Truststore filepath (required)

--truststore-file ./truststorefile.pem

--algorithm

Key manager factory algorithm for JKS, PKCS12, and JCEKS keystore secrets

--algorithm SUNX509

--expiration-date

Expiration date for the secret

--expiration-date 2025-01-25

--name

Name for your secret

--name TestSecret

--store-passphrase

Passphrase required for JKS, PKCS12 and JCEKS keystore secrets

--store-passphrase examplePassphrase

secrets-mgr:tls-context:mule:create

> secrets-mgr:tls-context:mule:create [flags]

Creates a new Mule TLS context secret in the secret group specified by --group-id, and using the name specified by --name

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--group-id`	Secret group ID (required)	`--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d`
`--name`	Name for your secret (required)	`--name TestSecret`
`--tls-version`	TLS Version Default: TLSv1.2	`--tls-version TLSv1.1`
`--cipher`	Cipher for the specified TLS version	`--cipher TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
`--expiration-date`	Expiration date for the secret	`--expiration-date 2025-01-25`
`--insecure`	Disable certificate validation	`--insecure`
`--keystore-id`	A valid `JKS`, `JCEKS`, or `PKCS12` keystore ID in the secret group, which is used as keystore for the TLS context	`--keystore-id 2d773060-aed0-46a7-b131-efbdb6ceff70`
`--truststore-id`	A valid `JKS`, `JCEKS`, or `PKCS12` truststore ID in the secret group, which is used as truststore for the TLS context	`--truststore-id 588c33e4-7f6f-44be-94e8-8b65a56d1670`

--group-id

Secret group ID (required)

--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d

--name

Name for your secret (required)

--name TestSecret

--tls-version

TLS Version
Default: TLSv1.2

--tls-version TLSv1.1

--cipher

Cipher for the specified TLS version

--cipher TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

--expiration-date

Expiration date for the secret

--expiration-date 2025-01-25

--insecure

Disable certificate validation

--insecure

--keystore-id

A valid JKS, JCEKS, or PKCS12 keystore ID in the secret group, which is used as keystore for the TLS context

--keystore-id 2d773060-aed0-46a7-b131-efbdb6ceff70

--truststore-id

A valid JKS, JCEKS, or PKCS12 truststore ID in the secret group, which is used as truststore for the TLS context

--truststore-id 588c33e4-7f6f-44be-94e8-8b65a56d1670

secrets-mgr:tls-context:mule:describe

> secrets-mgr:tls-context:mule:describe [flags]

Returns the details of a Mule TLS context secret specified by --id from the secret group specified by --group-id

This command accepts the default flags.

The output does not include any sensitive or secret data.

secrets-mgr:tls-context:mule:list

> secrets-mgr:tls-context:mule:list [flags]

Lists all Mule TLS context secrets in a secret group specified by --group-id

This command accepts the default flags.

secrets-mgr:tls-context:mule:modify

> secrets-mgr:TLS-context:mule:modify [flags]

Modifies the name or expiration date for a Mule TLS context secret specified by --id from the group specified by --group-id

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--name`	New name for the truststore secret	`--name TestTruststoreSecret`
`--expiration-date`	New expiration date for the truststore secret	`--expiration-date 2025-01-25`

--name

New name for the truststore secret

--name TestTruststoreSecret

--expiration-date

New expiration date for the truststore secret

--expiration-date 2025-01-25

secrets-mgr:tls-context:mule:replace

> secrets-mgr:tls:context:mule:replace [flags]

Replaces an existing Mule TLS context secret specified by --id, from the secret group specified by --group-id, using the type specified by --type

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--group-id`	Secret group ID (required)	`--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d`
`--name`	Name for your secret (required)	`--name TestSecret`
`--tls-version`	TLS Version Default: TLSv1.2	`--tls-version TLSv1.1`
`--cipher`	Cipher for the specified TLS version	`--cipher TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
`--expiration-date`	Expiration date for the secret	`--expiration-date 2025-01-25`
`--insecure`	Disable certificate validation	`--insecure`
`--keystore-id`	A valid `JKS`, `JCEKS`, or `PKCS12` keystore ID in the secret group, which is used as keystore for the TLS context	`--keystore-id 2d773060-aed0-46a7-b131-efbdb6ceff70`
`--truststore-id`	A valid `JKS`, `JCEKS`, or `PKCS12` truststore ID in the secret group, which is used as truststore for the TLS context	`--truststore-id 588c33e4-7f6f-44be-94e8-8b65a56d1670`

--group-id

Secret group ID (required)

--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d

--name

Name for your secret (required)

--name TestSecret

--tls-version

TLS Version
Default: TLSv1.2

--tls-version TLSv1.1

--cipher

Cipher for the specified TLS version

--cipher TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

--expiration-date

Expiration date for the secret

--expiration-date 2025-01-25

--insecure

Disable certificate validation

--insecure

--keystore-id

A valid JKS, JCEKS, or PKCS12 keystore ID in the secret group, which is used as keystore for the TLS context

--keystore-id 2d773060-aed0-46a7-b131-efbdb6ceff70

--truststore-id

A valid JKS, JCEKS, or PKCS12 truststore ID in the secret group, which is used as truststore for the TLS context

--truststore-id 588c33e4-7f6f-44be-94e8-8b65a56d1670

secrets-mgr:tls-context:flex-gateway:create

> secrets-mgr:tls-context:flex-gateway:create [flags]

Creates a new Flex Gateway TLS context secret in the secret group specified by --group-id, and using the name specified by --name

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--group-id`	Secret group ID (required)	`--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d`
`--name`	Name for your secret (required)	`--name TestSecret`
`--max-tls-version`	Maximum TLS Version Default: TLSv1.3	`--max-tls-version TLSv1.2`
`--min-tls-version`	Minimum TLS Version Default: TLSv1.3	`--min-tls-version TLSv1.2`
`--cipher`	Cipher for the specified TLS version range	`--cipher TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256`
`--alpn-protocol`	ALPN Protocol Options: `h2`, `http/1.1`	`--alpn-protocol h2`
`--enable-client-cert-validation`	Enable client certificate validation	`--enable-client-cert-validation`
`--expiration-date`	Expiration date for the secret	`--expiration-date 2025-01-25`
`--keystore-id`	A valid `PEM` keystore ID in the secret group, which is used as keystore for the TLS context	`--keystore-id 2d773060-aed0-46a7-b131-efbdb6ceff70`
`--truststore-id`	A valid `PEM` truststore ID in the secret group, which is used as truststore for the TLS context	`--truststore-id 588c33e4-7f6f-44be-94e8-8b65a56d1670`
`--skip-server-cert-validation`	Skip service certificate validation	`--skip-server-cert-validation`

--group-id

Secret group ID (required)

--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d

--name

Name for your secret (required)

--name TestSecret

--max-tls-version

Maximum TLS Version
Default: TLSv1.3

--max-tls-version TLSv1.2

--min-tls-version

Minimum TLS Version
Default: TLSv1.3

--min-tls-version TLSv1.2

--cipher

Cipher for the specified TLS version range

--cipher TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256

--alpn-protocol

ALPN Protocol
Options: h2, http/1.1

--alpn-protocol h2

--enable-client-cert-validation

Enable client certificate validation

--enable-client-cert-validation

--expiration-date

Expiration date for the secret

--expiration-date 2025-01-25

--keystore-id

A valid PEM keystore ID in the secret group, which is used as keystore for the TLS context

--keystore-id 2d773060-aed0-46a7-b131-efbdb6ceff70

--truststore-id

A valid PEM truststore ID in the secret group, which is used as truststore for the TLS context

--truststore-id 588c33e4-7f6f-44be-94e8-8b65a56d1670

--skip-server-cert-validation

Skip service certificate validation

--skip-server-cert-validation

For more information about ciphers, see Flex Gateway Supported Ciphers.

secrets-mgr:tls-context:flex-gateway:describe

> secrets-mgr:tls-context:flex-gateway:describe [flags]

Returns the details of a Flex Gateway TLS context secret specified by --id from the secret group specified by --group-id

This command accepts the default flags.

The output does not include any sensitive or secret data.

secrets-mgr:tls-context:flex-gateway:list

> secrets-mgr:tls-context:flex-gateway:list [flags]

Lists all Flex Gateway TLS context secrets in a secret group specified by --group-id

This command accepts the default flags.

secrets-mgr:tls-context:flex-gateway:modify

> secrets-mgr:TLS-context:flex-gateway:modify [flags]

Modifies the name or expiration date for a Flex Gateway TLS context secret specified by --id from the group specified by --group-id

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--name`	New name for the truststore secret	`--name TestTruststoreSecret`
`--expiration-date`	New expiration date for the truststore secret	`--expiration-date 2025-01-25`

--name

New name for the truststore secret

--name TestTruststoreSecret

--expiration-date

New expiration date for the truststore secret

--expiration-date 2025-01-25

secrets-mgr:tls-context:flex-gateway:replace

> secrets-mgr:tls:context:flex-gateway:replace [flags]

Replaces an existing Flex Gateway TLS context secret specified by --id, from the secret group specified by --group-id, using the type specified by --type

In addition to the default flags, this command accepts the following flags:

Flag Description Example

Flag	Description	Example
`--group-id`	Secret group ID (required)	`--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d`
`--name`	Name for your secret (required)	`--name TestSecret`
`--max-tls-version`	Maximum TLS Version Default: TLSv1.3	`--max-tls-version TLSv1.2`
`--min-tls-version`	Minimum TLS Version Default: TLSv1.3	`--min-tls-version TLSv1.2`
`--cipher`	Cipher for the specified TLS version range	`--cipher TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256`
`--alpn-protocol`	ALPN Protocol Options: `h2`, `http/1.1`	`--alpn-protocol h2`
`--enable-client-cert-validation`	Enable client certificate validation	`--enable-client-cert-validation`
`--expiration-date`	Expiration date for the secret	`--expiration-date 2025-01-25`
`--keystore-id`	A valid `PEM` keystore ID in the secret group, which is used as keystore for the TLS context	`--keystore-id 2d773060-aed0-46a7-b131-efbdb6ceff70`
`--truststore-id`	A valid `PEM` truststore ID in the secret group, which is used as truststore for the TLS context	`--truststore-id 588c33e4-7f6f-44be-94e8-8b65a56d1670`
`--skip-server-cert-validation`	Skip service certificate validation	`--skip-server-cert-validation`

--group-id

Secret group ID (required)

--group-id 1fec0a49-1551-4199-bfcc-cf0352d0f29d

--name

Name for your secret (required)

--name TestSecret

--max-tls-version

Maximum TLS Version
Default: TLSv1.3

--max-tls-version TLSv1.2

--min-tls-version

Minimum TLS Version
Default: TLSv1.3

--min-tls-version TLSv1.2

--cipher

Cipher for the specified TLS version range

--cipher TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256

--alpn-protocol

ALPN Protocol
Options: h2, http/1.1

--alpn-protocol h2

--enable-client-cert-validation

Enable client certificate validation

--enable-client-cert-validation

--expiration-date

Expiration date for the secret

--expiration-date 2025-01-25

--keystore-id

A valid PEM keystore ID in the secret group, which is used as keystore for the TLS context

--keystore-id 2d773060-aed0-46a7-b131-efbdb6ceff70

--truststore-id

A valid PEM truststore ID in the secret group, which is used as truststore for the TLS context

--truststore-id 588c33e4-7f6f-44be-94e8-8b65a56d1670

--skip-server-cert-validation

Skip service certificate validation

--skip-server-cert-validation