fnox 0.1.0

A flexible secret management tool supporting multiple providers and encryption methods
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142

min_usage_version "1.3"
name fnox
bin fnox
version "0.1.0"
about "A flexible secret management tool by @jdx"
usage "Usage: fnox [OPTIONS] <COMMAND>"
flag "-c --config" help="Path to the configuration file (default: fnox.toml, searches parent directories)" global=#true {
    arg <CONFIG>
}
flag "-p --profile" help="Profile to use (default: default, or FNOX_PROFILE env var)" global=#true {
    arg <PROFILE>
}
flag "-v --verbose" help="Enable verbose logging" global=#true
flag --age-key-file help="Path to age key file for decryption" global=#true {
    arg <AGE_KEY_FILE>
}
flag --no-color help="Disable colored output" global=#true
cmd check help="Check if all required secrets are defined and configured" {
    flag "-p --profile" help="Profile to check (default: current profile or environment variable)" {
        arg <PROFILE>
    }
}
cmd completion hide=#true help="Generate shell completions" {
    arg <SHELL> help="Shell type to generate completions for"
}
cmd delete help="Delete a secret" {
    alias rm
    flag "-f --force" help="Skip confirmation prompt"
    arg <KEY> help="Secret key to delete"
}
cmd doctor help="Show diagnostic information about the current fnox state" {
    flag "-p --profile" help="Profile to diagnose (default: current profile or environment variable)" {
        arg <PROFILE>
    }
}
cmd edit help="Edit the configuration file"
cmd export help="Export secrets in various formats" {
    flag "-f --format" help="Export format" {
        arg <FORMAT> {
            choices env json yaml toml
        }
    }
    flag "-o --output" help="Output file (default: stdout)" {
        arg <OUTPUT>
    }
    flag --include-optional help="Include secrets marked as optional"
}
cmd get help="Get a secret value" {
    arg <KEY> help="Secret key to retrieve"
}
cmd import help="Import secrets from various sources" {
    flag "-f --force" help="Skip confirmation prompts"
    flag "-s --source" help="Source file or path to import from (default: stdin)" {
        arg <SOURCE>
    }
    flag --filter help="Only import matching secrets (regex pattern)" {
        arg <FILTER>
    }
    flag --prefix help="Prefix to add to imported secret names" {
        arg <PREFIX>
    }
    arg "[FORMAT]" help="Import source format" required=#false default=env {
        choices env json yaml toml
    }
}
cmd init help="Initialize a new fnox configuration file"
cmd list help="List all secrets" {
    alias ls
    flag "-f --full" help="Show full provider keys without truncation"
    flag "-V --values" help="Show secret values (if available)"
    flag --complete help="Output secret keys for shell completion (one per line)" hide=#true
}
cmd profiles help="List available profiles" {
    flag --complete help="Output profile names for shell completion (one per line)" hide=#true
}
cmd provider help="Manage providers (defaults to list)" {
    cmd add help="Add a new provider" {
        arg <NAME> help="Provider name"
        arg <PROVIDER_TYPE> help="Provider type" {
            choices "1password" aws vault gcp aws-kms azure-kv gcp-kms age
        }
    }
    cmd list help="List available providers" {
        flag --complete help="Output provider names for shell completion (one per line)" hide=#true
    }
    cmd remove help="Remove a provider" {
        arg <NAME> help="Provider name"
    }
    cmd test help="Test a provider connection" {
        arg <NAME> help="Provider name"
    }
}
cmd remove help="Remove a secret" {
    arg <KEY> help="Secret key to remove"
}
cmd run help="Run a command with secrets as environment variables" {
    arg "[COMMAND]…" help="Command to run" required=#false double_dash=automatic var=#true
}
cmd scan help="Scan repository for potential secrets" {
    flag "-d --dir" help="Directory to scan (default: current directory)" {
        arg <DIR>
    }
    flag "-i --ignore" help="Skip files matching this pattern (can be used multiple times)" var=#true {
        arg <IGNORE>
    }
    flag "-q --quiet" help="Show only files with potential secrets"
}
cmd set help="Set a secret value" {
    flag "-d --description" help="Description of the secret" {
        arg <DESCRIPTION>
    }
    flag "-k --key-name" help="Key name in the provider (if different from env var name)" {
        arg <KEY_NAME>
    }
    flag "-P --provider" help="Provider to fetch from" {
        arg <PROVIDER>
    }
    flag --default help="Default value to use if secret is not found" {
        arg <DEFAULT>
    }
    flag --if-missing help="What to do if the secret is missing (error, warn, ignore)" {
        arg <IF_MISSING>
    }
    flag --prompt help="Prompt for secret value interactively"
    arg <KEY> help="Secret key (environment variable name)"
    arg "[VALUE]" help="Secret value (reads from stdin if not provided)" required=#false
}
cmd usage hide=#true help="Generate usage specification"
cmd version help="Show version information"
// Dynamic completions for fnox commands

// Complete secret keys - this will automatically match args named "key"
complete "key" run="fnox list --complete 2>/dev/null || true"

// Complete provider names - this will automatically match args named "name" in provider commands
complete "name" run="fnox provider list --complete 2>/dev/null || true"

// Complete profile names - this will automatically match args named "profile"
complete "profile" run="fnox profiles --complete 2>/dev/null || true"

// Complete config files
complete "config_file" type="file"