
Provider Commands

🔄 Manage cloud provider credentials for secret synchronization.

Overview

Provider commands allow you to configure, manage, and monitor cloud provider integrations for secret synchronization. This enables automated secret deployment to external cloud platforms like GitHub, GCP, and Azure.

Supported Providers

Provider  Service             Use Case
GitHub    Repository secrets  CI/CD integration, GitHub Actions
GCP       Secret Manager      Google Cloud applications
Azure     Key Vault           Azure applications

Commands

kavach provider configure

🔧 Configure provider credentials for secret synchronization

Usage

kavach provider configure <provider> [flags]

Subcommands

  • kavach provider configure github - Configure GitHub provider
  • kavach provider configure gcp - Configure Google Cloud provider
  • kavach provider configure azure - Configure Azure provider

kavach provider configure github

🐙 Configure GitHub provider credentials

Required Flags

Flag          Description
--token       GitHub Personal Access Token with repo scope
--owner       GitHub organization or username
--repository  GitHub repository name
--org         Organization name
--group       Secret group name
--env         Environment name

Optional Flags

Flag                 Description                                Default
--environment        GitHub environment name                    "default"
--secret-visibility  Secret visibility: all, selected, private  "private"

Examples

# Basic GitHub configuration
kavach provider configure github \
--token "ghp_xxxxxxxxxxxxxxxxxxxx" \
--owner "myorg" \
--repository "myrepo" \
--org "myorg" \
--group "mygroup" \
--env "prod"

# GitHub configuration with environment and visibility
kavach provider configure github \
--token "ghp_xxxxxxxxxxxxxxxxxxxx" \
--owner "myorg" \
--repository "myrepo" \
--environment "production" \
--secret-visibility "private" \
--org "myorg" \
--group "mygroup" \
--env "prod"

kavach provider configure gcp

☁️ Configure Google Cloud provider credentials

Required Flags

Flag          Description
--key-file    Path to service account JSON file
--project-id  GCP project ID
--org         Organization name
--group       Secret group name
--env         Environment name

Examples

# Basic GCP configuration
kavach provider configure gcp \
--key-file "./service-account.json" \
--project-id "my-gcp-project" \
--org "myorg" \
--group "mygroup" \
--env "prod"

kavach provider configure azure

🔷 Configure Azure provider credentials

Required Flags

Flag             Description
--tenant-id      Azure tenant ID
--client-id      Azure client ID
--client-secret  Azure client secret
--vault-name     Azure Key Vault name
--org            Organization name
--group          Secret group name
--env            Environment name

Examples

# Basic Azure configuration
kavach provider configure azure \
--tenant-id "your-tenant-id" \
--client-id "your-client-id" \
--client-secret "your-client-secret" \
--vault-name "my-key-vault" \
--org "myorg" \
--group "mygroup" \
--env "prod"

kavach provider list

📋 List configured providers

Usage

kavach provider list [flags]

Flags

Flag      Description                        Required  Default
--format  Output format (table, json, yaml)  No        table

Examples

# List all providers
kavach provider list

# List with JSON format
kavach provider list --format json

kavach provider show

👁️ Show provider details

Usage

kavach provider show [flags]

Flags

Flag        Description                        Required
--provider  Provider name (github, gcp, azure)  Yes
--format    Output format (table, json)         No

Examples

# Show GitHub provider details
kavach provider show --provider github

# Show GCP provider details
kavach provider show --provider gcp

kavach provider update

🔄 Update provider configuration

Usage

kavach provider update [flags]

Flags

Flag             Description                         Required
--provider       Provider name (github, gcp, azure)  Yes
--token          New GitHub token                    No*
--key-file       New GCP service account file        No*
--client-secret  New Azure client secret             No*

*Provider-specific flags are required for the respective provider.

Examples

# Update GitHub token
kavach provider update --provider github --token "ghp_new_token_here"

# Update GCP service account
kavach provider update --provider gcp --key-file "./new-service-account.json"

kavach provider delete

🗑️ Delete provider configuration

Usage

kavach provider delete [flags]

Flags

Flag        Description                         Required
--provider  Provider name (github, gcp, azure)  Yes
--force     Skip confirmation prompt            No

Examples

# Delete GitHub provider (with confirmation)
kavach provider delete --provider github

# Delete GCP provider (force without confirmation)
kavach provider delete --provider gcp --force

Provider Setup Guides

GitHub Setup

1. Create GitHub Personal Access Token

  1. Go to GitHub Settings → Developer settings → Personal access tokens
  2. Click "Generate new token (classic)"
  3. Select scopes: repo, workflow
  4. Copy the generated token

2. Configure GitHub Provider

kavach provider configure github \
--token "ghp_your_github_token" \
--owner "your-org" \
--repository "your-repo" \
--org "myorg" \
--group "mygroup" \
--env "prod"

GCP Setup

1. Create Service Account

  1. Go to Google Cloud Console → IAM & Admin → Service Accounts
  2. Click "Create Service Account"
  3. Assign roles: Secret Manager Admin, Secret Manager Secret Accessor
  4. Create and download JSON key file

2. Configure GCP Provider

kavach provider configure gcp \
--key-file "./service-account.json" \
--project-id "my-gcp-project" \
--org "myorg" \
--group "mygroup" \
--env "prod"

Azure Setup

1. Create Service Principal

  1. Go to Azure Portal → Azure Active Directory → App registrations
  2. Click "New registration"
  3. Assign roles: Key Vault Secrets Officer, Key Vault Secrets User

2. Configure Azure Provider

kavach provider configure azure \
--tenant-id "your-tenant-id" \
--client-id "your-client-id" \
--client-secret "your-client-secret" \
--vault-name "my-key-vault" \
--org "myorg" \
--group "mygroup" \
--env "prod"

Workflow Examples

Complete Provider Setup

# 1. Configure GitHub provider
kavach provider configure github \
--token "ghp_github_token" \
--owner "my-org" \
--repository "my-repo" \
--org "myorg" \
--group "mygroup" \
--env "prod"

# 2. Configure GCP provider
kavach provider configure gcp \
--key-file "./gcp-service-account.json" \
--project-id "my-gcp-project" \
--org "myorg" \
--group "mygroup" \
--env "prod"

# 3. List all providers
kavach provider list

# 4. Sync secrets to providers
kavach secret sync --provider github
kavach secret sync --provider gcp

Best Practices

1. Credential Management

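# Use environment variables for sensitive data
export GITHUB_TOKEN="ghp_your_token"
export GCP_KEY_FILE="./service-account.json"

# The remaining required flags are still needed alongside the credential
kavach provider configure github --token "$GITHUB_TOKEN" \
--owner "myorg" --repository "myrepo" \
--org "myorg" --group "mygroup" --env "prod"
kavach provider configure gcp --key-file "$GCP_KEY_FILE" \
--project-id "my-gcp-project" \
--org "myorg" --group "mygroup" --env "prod"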
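
The credential handling above, extended with pre-flight checks, as an added example that is not part of the kavach documentation: it refuses a GCP key file that is accessible to group or other users or is not a service account key, and prompts for the GitHub token instead of typing it into the shell. The function names and the `run` argument are illustrative assumptions; the kavach flags are the ones documented on this page.

```sh
#!/bin/sh
# Added example: pre-flight checks before handing credentials to kavach.

# Succeeds only for a regular, non-symlink file with no group/other access bits.
key_file_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)   # "------" for a mode like -rw-------
    [ "$perms" = "------" ]
}

# Succeeds if the JSON carries the "type": "service_account" field of a GCP key.
is_service_account_key() {
    grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$1"
}

# Both checks, with a reason on stderr when the file is refused.
preflight_gcp() {
    key_file_private "$1" || {
        echo "refusing $1: missing, a symlink, or accessible to group/other" >&2
        return 1
    }
    is_service_account_key "$1" || {
        echo "refusing $1: not a service account key" >&2
        return 1
    }
}

# Read a secret into the named variable without echo, keeping it out of history.
read_secret() {   # usage: read_secret VAR "prompt"
    printf '%s' "$2" >&2
    stty -echo; IFS= read -r "$1" || :; stty echo
    printf '\n' >&2
}

# Runs only when invoked as: sh preflight.sh run
if [ "${1:-}" = "run" ]; then
    preflight_gcp "${GCP_KEY_FILE:?set GCP_KEY_FILE}" || exit 1
    kavach provider configure gcp --key-file "$GCP_KEY_FILE" \
        --project-id "my-gcp-project" --org "myorg" --group "mygroup" --env "prod"
    read_secret GITHUB_TOKEN "GitHub token: "
    kavach provider configure github --token "$GITHUB_TOKEN" \
        --owner "myorg" --repository "myrepo" --org "myorg" --group "mygroup" --env "prod"
    unset GITHUB_TOKEN
fi
```

The token still reaches kavach through --token, so it is visible in local process listings while the command runs; this page documents no other input channel.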

2. Token Rotation

# Regular token updates
kavach provider update --provider github --token "new_token"
kavach provider update --provider gcp --key-file "new_service_account.json"

Next Steps

After configuring providers:

  1. Store Secrets: Secret Management
  2. Sync Secrets: Secret Synchronization
  3. Set Up CI/CD: Provider Commands