kbsecret-new
- create a new kbsecret(1) record
kbsecret new
[options] <type> <record>
kbsecret new
creates a new kbsecret
record.
Each kbsecret
record has a type, a label (the record's identifier), and a list of
fields whose length depends on the type. For example, the login type has two fields:
a username and a password, in that order.
Fields can be input interactively (the default), or in a terse format via -x
, --terse
.
type can be abbreviated, where unambiguous. The list of available types can be found via kbsecret-types(1).
-s
, --session
<session>The session to create the record under.
If unspecified, the default session is assumed.
-f
, --force
Force record creation, even if overwriting another record with the same label.
-e
, --echo
Echo all input to the terminal. By default, like passwd(1), sensitive input fields are not echoed.
This only applies when the user is on an interactive terminal and has not
passed -x
, --terse
.
-G
, --generate
Generate sensitive fields instead of prompting for them.
This only applies during interactive, non-terse usage.
-g
, --generator
<generator>Use the given generator profile to generate sensitive fields.
If unspecified, the default generator is assumed.
-x
, --terse
Read fields from input in a terse format, similar to the formats emitted by kbsecret-login(1) and kbsecret-dump-fields(1).
The field separator can be modified via the -i
/--ifs
option.
-i
, --ifs
<separator>The string used to separate fields when -x
, --terse
is also used.
The default field separator is read from $IFS, falling back to ":" if $IFS is not set.
The $IFS environment variable provides a default for -i
, --ifs
.
$ kbsecret new login -e netflix
Username? bob
Password? hunter2
$ kbsecret new login -G yahoo
Username? alice
$ kbsecret new login youtube -G -g special-generator
$ kbsecret new login -x men-in-black <<< "agent_smith:ihateroaches"
$ echo "agent_jay^cricketgun" | kbsecret new login -i '^' -x men-in-black-2
# note the abbreviated type!
$ kbsecret new env my-api-key
Enabling terminal echo with -e
, --echo
is less secure than the
default interactive input, unless you know for a fact that nobody is looking over your
shoulder.
kbsecret(1), kbsecret-cp(1), kbsecret-rm(1)