Use the mfsecretsadmin command-line utility to set up, administer, and perform vault migration tasks.
Syntax:
To read from the vault:
mfsecretsadmin [options] read <secret name> [outpath]
where:
- <secret name>
- This is the name of the secret to read.
- outpath
- This is the path to write the secret to and is optional. This is only available with the -file option.
To write to the vault:
mfsecretsadmin [options] write <secret name> [secret]
where:
- <secret name>
- This is the name of the secret to write/delete.
- secret
- This is the value of the secret to be written and is optional. If this is not specified, then the secret name is deleted.
To list the secrets in the path specified:
mfsecretsadmin [options] list <secret path> [outpath]
where:
- <secret path>
- This is the path to the secrets to be listed. You can use the * and ? wildcards.
- outpath
- This is the path to write the list to and is optional. This is only available with the -file option.
To migrate secrets to a new vault destination:
mfsecretsadmin [options] migrate <secret path> <to vault> <to secret path>
where:
- <secret path>
- This is the path to the secrets that you want to migrate. You can use the * wildcard to migrate all secrets from the specified location.
- <to vault>
- This is the name of the vault to migrate to.
- <to secret path>
- This is the path to the vault you are migrating the secrets to. A * value maintains the secrets path.
To delete a secret:
mfsecretsadmin [options] delete <secret name>
where:
- <secret name>
- This is the name of the secret to be deleted.
Options:
- -vault <vault>
- Specifies the name of the source vault. The default vault is used if this is not set.
- -file
- Specifies that the read or write action is performed to or from a file rather than standard output. On write, secret is expected to be a path; on read, outpath is expected to be set.
- -config <config>
- Specifies the full path of the secrets.cfg file. The default config is used if this is not specified.
- -targetconfig <config>
- Specifies the full path of the secrets.cfg file to migrate to. The default config is used if this is not specified.
- -overwrite
- Specifies that the write or migrate action only replaces existing secrets.
- -move
- Specifies that the secrets are deleted once they have been successfully migrated to the new vault.
- -loglevel <level>
- Specifies the level of messages output:
- 1
- Information (all messages).
- 2
- Warnings and errors only.
- 3
- Only errors.
Examples
To store a secret to use with the PASS SQL compiler directive option, having a secret name of
MFV_MySecretName, and storing the credentials of MyUser as the user ID and a password of
MyPassword:
mfsecretsadmin write Microfocus/ODBCECM/MFV_MySecretName MyUser.MyPassword
To store a secret to use with the PASS DB2 compiler directive option, having a secret name of
MFV_MySecretName, and storing the credentials of MyUser as the user ID and a password of
MyPassword:
mfsecretsadmin write Microfocus/DB2ECM/MFV_MySecretName MyUser.MyPassword
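The examples above pass the password as a command-line argument, where it can end up in shell history and process listings. The following added example (not part of the product documentation) stores the same kind of credential through the -file option instead. The function name store_db_credential is hypothetical, and the sketch assumes that with -file the file holds the secret value exactly as it would be typed on the command line.

```shell
# Added example, not from the product documentation.
# Assumption: with -file, the file named in place of [secret] holds the value
# exactly as it would be typed on the command line (here: userid.password).

# store_db_credential <secret name> <user id>   (hypothetical helper)
# Reads the password from standard input and hands it to mfsecretsadmin through
# a private temporary file, so it never appears in the argument list.
store_db_credential() (
    secret_name=$1
    user_id=$2
    if [ -z "$secret_name" ] || [ -z "$user_id" ]; then
        echo "usage: store_db_credential <secret name> <user id>" >&2
        exit 2
    fi

    # Suppress echo only when typing at a terminal; piped input is read as-is.
    if [ -t 0 ]; then
        printf 'Password for %s: ' "$user_id" >&2
        stty -echo
    fi
    IFS= read -r password || true
    if [ -t 0 ]; then
        stty echo
        printf '\n' >&2
    fi
    if [ -z "$password" ]; then
        echo "store_db_credential: empty password, nothing written" >&2
        exit 2
    fi

    umask 077                          # file readable by the owner only
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT           # remove the file however the subshell exits
    printf '%s.%s' "$user_id" "$password" > "$tmp"

    # Options precede the action, as in the syntax above.
    status=0
    mfsecretsadmin -file write "$secret_name" "$tmp" || status=$?
    exit "$status"
)

# Usage: store_db_credential Microfocus/ODBCECM/MFV_MySecretName MyUser
```

The function body runs in a subshell, so the password variable and the umask change do not persist in the calling shell.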