Barbican (Encryption/Secrets)
Barbican is mainlly used to provide TLS termination, see an example here but you can also interact with it for other purposes.
You need the Barbican CLI :
Ubuntu - Debian
sudo apt install python3-barbicanclient
Centos - Red hat
sudo yum install python3-barbicanclient
Create a secret
taylor@laptop:~$ openstack secret store --name 'mysecret' --payload 'This is my secret ! chuuuut'
+---------------+-------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------+-------------------------------------------------------------------------------------------------+
| Secret href | https://pub1-api.cloud.infomaniak.ch/keymanager/v1/secrets/61d05c6b-403e-41be-9421-d94b3ba140a5 |
| Name | mysecret |
| Created | None |
| Status | None |
| Content types | None |
| Algorithm | aes |
| Bit length | 256 |
| Secret type | opaque |
| Mode | cbc |
| Expiration | None |
+---------------+-------------------------------------------------------------------------------------------------+
List secrets
taylor@laptop:~$ openstack secret list --fit-width
+------------------------------------------+----------+---------------------------+--------+---------------------------+-----------+------------+-------------+------+------------+
| Secret href | Name | Created | Status | Content types | Algorithm | Bit length | Secret type | Mode | Expiration |
+------------------------------------------+----------+---------------------------+--------+---------------------------+-----------+------------+-------------+------+------------+
| https://pub1-api.cloud.infomaniak.ch/key | mysecret | 2021-03-17T12:20:38+00:00 | ACTIVE | {'default': 'text/plain'} | aes | 256 | opaque | cbc | None |
| manager/v1/secrets/61d05c6b-403e-41be-94 | | | | | | | | | |
| 21-d94b3ba140a5 | | | | | | | | | |
+------------------------------------------+----------+---------------------------+--------+---------------------------+-----------+------------+-------------+------+------------+
Decrypt a secret
You need to pass the Secret href ID which is in the first column in the previous output
taylor@laptop:~$ openstack secret get 61d05c6b-403e-41be-9421-d94b3ba140a5 --decrypt
+---------+-----------------------------+
| Field | Value |
+---------+-----------------------------+
| Payload | This is my secret ! chuuuut |
+---------+-----------------------------+