How can I create a Cypher secret with a Variable?

Secrets Management
,
1

Is there a cool (simple) way to create a Cypher secret as part of a provision workflow?

2

Yes

3

Could do it with a python script

4

Any other questions :slight_smile:

5

I only know hot ways

6
I don't know if you were hinting at something simpler than using the API? I had one that generated a password for Windows user and then replace that as the administrator password on the server
7
I also generate cypher a ton with the workflows for onboarding new tenants. But all of that utilizes the API and I'm curious if you were just looking for a simple variable that creates one?
8
Unsure if you can just do <%=cypher.put%> or something
9

yeah can just use a var to generate one

10
I was looking for a way to avoid API. I was hoping there was a command like cypher.create 
Chris Bunge It sound like you may already have what I want. I have an MSP who wants to give users the ability to built a windows server and automatically create a secure password for Admin and then set the password as part of the build and of course have that password stored somewhere.
I have all the moving parts. I can create the password in Cypher (manually at the moment) I can then read that and during post provision I have a PS script that updates the Admin Password. 
The bit I am missing is creating the cypher mountpoint using the instance name 
11

So if you want a password generated, you can do something like “<%=cypher.read(‘password/15/’ + instance.name)%>”

12

that would auto generate you a 15 char password for the instance. Note it’s a bit… overwhelming when you do this at scale since we don’t have rbac on Cypher

13
On the plus side we do finally have search 🙂
14

Rbac on cypher is coming through policy

15

You could probably generate a policy scoped to user or group tied to that cipher at provision time too.

16
Jeff Wheeler I see a cypher.write.  Can we also write cypher with that?
17

think so but wouldnt return, so use read and if it doesent exist it gets generated, as far as I can remember. looks like we need a docs update

18

read for password makes sense. Read for secret/ or something curious how I could supply a value

19
Ah, I mis read the docs, thanks Chris Bunge that seems to work 
20

oh I took it as value needed to be generated not passed