sept

Documentation

Explore our documentation to find out how to use Sept.

Basic concepts

Sept allows to create manifests where you can store key/value pairs. Manifests can be created, listed, and deleted. Within a manifest, you can set, get, and delete key/value pairs. If you have a .env you can even bulk import key/value pairs into a manifest. As the manifest ID is mandatory for many sept commands, you can export the SEPT_MANIFEST environment variable so that you don't have to pass it everytime. Make sure to read the section on manifests to see an example, and you can always run sept info to check your configuration.

Manifest

A manifest is a list of key/value pairs—what you usually put in a .env file.

CREATE

When you start using sept you need to create your first manifest:

$ sept create
c809f70c-ba07-4376-9e6a-78ef8ea23e05

Now you can start using that manifest. Jump to SET to see how to store key/value pairs in your manifest, or read on to learn how to list and destroy manifests.

LIST

If you want to retrieve the list of manifests, run the command below:

$ sept list
c809f70c-ba07-4376-9e6a-78ef8ea23e05

DESTROY

If you want to get rid of a manifest, run the command below:

$ sept destroy -m c809f70c-ba07-4376-9e6a-78ef8ea23e05
Manifest ID: c809f70c-ba07-4376-9e6a-78ef8ea23e05 destroyed

Note how you pass the manifest ID with the -m flag. It's a required flag for most commands, and specially for keyspace operations.

Keyspace

Keyspace operations allow you to set, get, and delete key/value pairs—both individually and in bulk— from a given manifest. All the keyspace commands require the manifest ID flag, for example: 

$ sept -m c809f70c-ba07-4376-9e6a-78ef8ea23e05 set APP_NAME foobar
# OK

For brevity, we assume the SEPT_MANIFEST environment variable is exported:

$ export SEPT_MANIFEST=c809f70c-ba07-4376-9e6a-78ef8ea23e05

Then all the commands that require the -m flag can just use the value configured for SEPT_MANIFEST.

SET

Usage: sept set KEY VALUE [KEY VALUE ...]

$ sept set APP_NAME foobar
# OK

GET

Usage: sept get KEY [KEY ...]

$ sept get APP_NAME
APP_NAME=foobar

DEL

Usage: sept del KEY [KEY ...]

$ sept del APP_NAME
# OK

GETALL

Usage: sept getall

Assume there are three key/value pairs set: FOO=1, BAR=2, and BAZ=3. Then:

$ sept getall
FOO=1
BAR=2
BAZ=3

You can use getall to export the key/value pairs from a manifest into a .env file.

$ sept getall > .env

IMPORT

Usage: sept import .env

Assume there are three key/value pairs defined in the .env file: FOO=1, BAR=2, and BAZ=3.

$ sept import .env

Then:

$ sept getall
FOO=1
BAR=2
BAZ=3

RUN

Usage: sept run -- COMMAND [OPTION ...]

Technically this is not a keyspace operation, but it is a way of exporting all the key/value pairs in manifest as environment variables and running a process within that environment.

$ sept run -- ./my/process

Admin

INIT

Usage: sept init

Perhaps the first command you will run, init creates a configuration file and generates the public and private keys that will be used for encrypting and decrypting the secrets you store in sept.

By default the configuration is stored in ~/.config/sept/config.ini, but you can pass -c path/to/file.ini if you want to store the settings somewhere else. As with the manifest ID, you can export the environment variable SEPT_CONFIG with a path to a config.ini file.

$ sept init
Keypair created.
Public key: pk_0A6WFJWPc9mq2rWBxHodJT-hGEsq1uPhduK-BSuXKQIT5QUZ

REGISTER

Usage: sept register URL TOKEN

Likely the second command you will ever run, register will connect to your account and exchange public keys with the server. The configuration file will be updated and you will be able to securely store your secrets in sept.

$ sept register https://some-domain.1.sept.run \
    tk_some_token

Note that the URL and the TOKEN will be provided to you when you subscribe to the service.

LOGIN

Usage: sept login URL

When you are added as a supervisor, or when you are granted editor or viewer access to a manifest, you will have to run this command to identify yourself with the server. This command will fail if you haven't run sept init first.

$ sept login https://some-domain.1.sept.run
Successfully logged in.

Note that the URL will be provided to you by whomever added you by an account supervisor.

INFO

Usage: sept info

$ sept info
Public key: pk_0A6WFJWPc9mq2rWBxHodJT-hGEsq1uPhduK-BSuXKQIT5QUZ
Remote URL: http://some-domain.sept.run
Remote key: pk_ohEHNPFyNcwTu9WP1P3l5TFHnrxMtcs72QBqHohXQq3XxpY1

If you have exported the variables SEPT_MANIFEST and/or SEPT_CONFIG, their values will show up in the reply to info.

For example:

$ export SEPT_MANIFEST=c809f70c-ba07-4376-9e6a-78ef8ea23e05

Then:

$ sept info
Public key: pk_0A6WFJWPc9mq2rWBxHodJT-hGEsq1uPhduK-BSuXKQIT5QUZ
Remote URL: http://some-domain.sept.run
Remote key: pk_ohEHNPFyNcwTu9WP1P3l5TFHnrxMtcs72QBqHohXQq3XxpY1

SEPT_MANIFEST=c809f70c-ba07-4376-9e6a-78ef8ea23e05

Permissions

GRANT

Usage: sept grant ROLE AGENT

ROLE can be either owner, editor or viewer; AGENT is the public key of a sept user. For any user that has sept installed, running sept info will yield their public key.

When ROLE is set to owner, the agent will be granted admin access to the account. They will then be able to create, list and delete manifests, as well as running any admin command. This access level is not limited to a particular manifest.

When ROLE is set to editor, passing a manifest ID is mandatory. The agent will have read/write access to that manifest.

When ROLE is set to viewer, passing a manifest ID is mandatory. The agent will have read-only access to that manifest.

$ sept grant owner pk_0A6WFJW...
Added 'pk_0A6WFJW...' to supervisors.

$ sept -m c809f70c-ba07-4376-9e6a-78ef8ea23e05 grant editor pk_0A6WFJW...
Granted 'pk_0A6WFJW...' editor access to 'c809f70c-ba07-4376-9e6a-78ef8ea23e05'.

REVOKE

Usage: sept revoke ROLE AGENT

ROLE can be either owner, editor or viewer; AGENT is the public key of a sept user. For any user that has sept installed, running sept info will yield their public key.

When ROLE is set to owner, the agent will be removed from the list of supervisors.

When ROLE is set to editor or viewer, passing a manifest ID is mandatory. The agent will no longer have access to that manifest.

$ sept revoke owner pk_0A6WFJWPc9mq2rWBxHodJT-hGEsq1uPhduK-BSuXKQIT5QUZ
Removed 'pk_0A6WFJW...' from supervisors.

$ sept -m c809f70c-ba07-4376-9e6a-78ef8ea23e05 revoke editor pk_0A6WFJW...
Revoked 'pk_0A6WFJW...' access to 'c809f70c-ba07-4376-9e6a-78ef8ea23e05'.

AGENTS

Usage: sept agents

List the agents with access to a given manifest. The output is a list of public keys.

$ sept -m c809f70c-ba07-4376-9e6a-78ef8ea23e05 agents
pk_0A6WFJWPc9mq2rWBxHodJT-hGEsq1uPhduK-BSuXKQIT5QUZ
pk_ehBOFIUOyA3G2oUOx3Rdf6nlfIi9FUi55NjqpFOk_xd0USQi
pk_gw9TASC0wHCNvAq3kshEl1UI1wsblH7VsJoe0JaUlDEunOAt