Skip to content

Add support for Secrets Management API #149

New issue
New issue
Open
Open
Add support for Secrets Management API#149
@jeff-schnitter

Description

@jeff-schnitter
jeff-schnitter
opened on Nov 3, 2025

Overview

Add CLI support for the Secrets Management API, which manages secrets used in integrations and workflows.

API Endpoints to Implement

Based on analysis of https://docs.cortex.io/api, the following endpoints need CLI commands:

Secrets

  • POST /api/v1/secrets - Create secret
  • GET /api/v1/secrets - List secrets (metadata only)
  • GET /api/v1/secrets/{id} - Get secret metadata
  • PUT /api/v1/secrets/{id} - Update secret
  • DELETE /api/v1/secrets/{id} - Delete secret

Note: Secrets API returns metadata only (name, description, created date), not secret values, for security reasons.

Proposed CLI Structure

# Secrets Management
cortex secrets create --name <name> --value <value> [--description <desc>]
cortex secrets create -f <file>  # For batch creation
cortex secrets list
cortex secrets get --id <id>
cortex secrets get --name <name>
cortex secrets update --id <id> --value <value> [--description <desc>]
cortex secrets delete --id <id>
cortex secrets delete --name <name>

Implementation Notes

  1. Create new command module: cortexapps_cli/commands/secrets.py
  2. Follow existing patterns from api_keys.py for sensitive data handling
  3. Security considerations:
    • Never log or print secret values
    • Support reading values from stdin or file (not just CLI args)
    • Warn users about command history exposure when using --value flag
    • Recommend using -f with files or stdin for secret values
  4. Support both interactive and file-based input
  5. Add appropriate test coverage in tests/test_secrets.py
  6. Consider adding --force flag for delete operations

Security Best Practices

# Recommended: Read from file
cortex secrets create --name my-secret -f secret.txt

# Recommended: Read from stdin
echo "secret-value" | cortex secrets create --name my-secret -f-

# Not recommended (appears in shell history)
cortex secrets create --name my-secret --value "secret-value"

Priority

Medium-High - Essential for workflow and integration management

Business Impact

Enables customers to manage secrets for:

  • Custom workflows
  • Integration configurations
  • CI/CD pipelines
  • Automation scripts

Currently, users may need to manage secrets through the UI, which limits automation capabilities.

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions