{"id":37178600,"url":"https://github.com/javiermarasco/harpo","last_synced_at":"2026-01-14T20:48:49.575Z","repository":{"id":42430388,"uuid":"465242728","full_name":"javiermarasco/harpo","owner":"javiermarasco","description":"A powerfull CLI to seamlessly manage secrets in Azure, AWS and GCP from a single command line.","archived":false,"fork":false,"pushed_at":"2023-02-01T10:31:30.000Z","size":116,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-06-19T16:46:33.974Z","etag":null,"topics":["aws","azure","gcp"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/javiermarasco.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-03-02T09:40:39.000Z","updated_at":"2023-08-17T22:59:37.000Z","dependencies_parsed_at":"2023-02-17T04:30:31.934Z","dependency_job_id":null,"html_url":"https://github.com/javiermarasco/harpo","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/javiermarasco/harpo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/javiermarasco%2Fharpo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/javiermarasco%2Fharpo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/javiermarasco%2Fharpo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/javiermarasco%2Fharpo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/javiermarasco","download_url":"https://codeload.github.com/javiermarasco/
harpo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/javiermarasco%2Fharpo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28434500,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T18:57:19.464Z","status":"ssl_error","status_checked_at":"2026-01-14T18:52:48.501Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","azure","gcp"],"created_at":"2026-01-14T20:48:48.982Z","updated_at":"2026-01-14T20:48:49.557Z","avatar_url":"https://github.com/javiermarasco.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Harpo (short for harpocrates)\n\nThe objective of this cli is to be able to manage secrets in Azure, AWS and GCP by using a path to \nspecify where a secret is stored in a \"folder structure\" approach while providing an easy way to list \nsecrets in this folder structure and also an easy way to retrieve the values of those secrets.\n\n\n# How to build it\n\nTo build this project you will need Go 1.17 and run the following commands\n```\ngo build\n```\n\nThat will create a file called `harpo.exe` in Windows and `harpo` in Linux\n# How to use\n\nThe syntax of the commands is the same for all cloud providers, just keep in mind the order of the parameters is important 
(currently it is not possible to change the order of the parameters.)\n## Environment variables setup\n\nYou need to define some environment variables in order to use `harpo`. Those depend on the cloud provider, and you can have more than one cloud provider set up at the same time (especially if you want to copy or migrate from one cloud to another, where this is mandatory). Once you have these variables defined you can start using the CLI.\n\n### Azure\n- \"AZ_CLIENTID\" (Contains the client id of the service principal/app registration used to access your keyvault)\n- \"AZ_CLIENTSECRET\" (Contains the secret of the service principal/app registration)\n- \"AZ_TENANTID\" (Contains the Tenant ID where your keyvault is deployed)\n- \"AZ_KVNAME\" (Contains the name of the keyvault to use)\n\n### AWS\n- \"AWS_ACCESS_KEY_ID\" (Contains the key ID of the user that will be used to access Secrets Manager)\n- \"AWS_SECRET_ACCESS_KEY\" (The access key of the user that will be used to access the Secrets Manager)\n- \"AWS_REGION\" (The region where the Secrets Manager instance is defined)\n\n\n### GCP\n- \"GOOGLE_APPLICATION_CREDENTIALS\" (Contains the path to the json file with the credentials for your google cloud account)\n- \"GCP_parent\" (Contains the reference to the parent of the secrets in the format 'projects/parentid')\n\nFor AWS the following permissions are needed:\n  - secretsmanager:Name\n  - secretsmanager:Description\n  - secretsmanager:KmsKeyId\n  - aws:RequestTag/${TagKey}\n  - aws:ResourceTag/${TagKey}\n  - aws:TagKeys\n  - secretsmanager:ResourceTag/tag-key\n  - secretsmanager:AddReplicaRegions\n  - secretsmanager:ForceOverwriteReplicaSecret\n  - resourcetypes: Secret*\n  - secretsmanager:TagResource\n  - secretsmanager:UntagResource\n\n## Path specification\n\nThe path is a logical, human-understandable way to remember where the secrets are stored. The path can be in any of the following formats:\n- /some/words/to/define\n- some/words/to/path\n- /a/path/somewhere/\n- 
a/path/to/some/secret\n\n- Any \"/\" at the beginning or end of the path will be removed\n\n\n## Write secrets\n\nThis command will write a secret into the secret store using the path specified and the name and value.\n\nharpo \u003ccloud_provider\u003e -write -path \u003cpath\u003e -name \u003csecret_name\u003e -value \u003csecret_value\u003e\n\n- cloud_provider: Could be \"az\" for Azure or \"aws\" for AWS\n- path: This is the path where the secret will be stored, it can start or end with a \"/\"\n  examples: \n    - /infra/dev\n    - /infra/dev/\n    - infra/dev\n- secret_name: This is the name the secret will have, it can be any alphanumeric with a maximum of 20\n  examples:\n    - servername\n    - serverport\n    - connectionstring\n- secret_value: Will contain the value you want to store for this secret\n  examples:\n    - myserver.com\n    - 8080\n    - database1.server.com:4333\n\n### Read secrets (Human readable)\n\nThis command will look for the secret with \u003csecret_name\u003e in the path \u003cpath\u003e and will output the value in a human readable format.\nThis is useful when you are looking for a value in the secret store. 
For automations check the \"Export\" command.\n\nharpo \u003ccloud_provider\u003e -read -path \u003cpath\u003e -name \u003csecret_name\u003e\n\n- cloud_provider: Could be \"az\" for Azure or \"aws\" for AWS\n- path: This is the path where the secret will be stored, it can start or end with a \"/\"\n  examples: \n    - /infra/dev\n    - /infra/dev/\n    - infra/dev\n- secret_name: This is the name the secret will have, it can be any alphanumeric with a maximum of 20\n  examples:\n    - servername\n    - serverport\n    - connectionstring\n\nExample output:\n```\nharpo read -path /infra/dev -name serverport\nThe value of the secret is:  443\n```\n\n### Export secrets (Automation)\n\nThis command will output the value of a \u003csecret_name\u003e found in the path \u003cpath\u003e and will output the value without formatting.\nThis is the best option for automation.\n\nharpo \u003ccloud_provider\u003e -export -path \u003cpath\u003e -name \u003csecret_name\u003e\n\n- cloud_provider: Could be \"az\" for Azure or \"aws\" for AWS\n- path: This is the path where the secret will be stored, it can start or end with a \"/\"\n  examples: \n    - /infra/dev\n    - /infra/dev/\n    - infra/dev\n- secret_name: This is the name the secret will have, it can be any alphanumeric with a maximum of 20\n  examples:\n    - servername\n    - serverport\n    - connectionstring\n\nExample output:\n```\nharpo export -path /infra/dev -name serverport\n443\n```\n\n### List secrets \n\nThis command is useful to look for a secret in a path when you don't know the secrets stored in a particular path.\n\nharpo \u003ccloud_provider\u003e -list -path \u003cpath\u003e\n\n- cloud_provider: Could be \"az\" for Azure or \"aws\" for AWS\n- path: This is the path where the secret will be stored, it can start or end with a \"/\"\n  examples: \n    - /infra/dev\n    - /infra/dev/\n    - infra/dev\n\nExample output:\n```\nharpo list -path /infra/dev\nThe path for the secret is:  infra/dev/serverport\nThe 
path for the secret is:  infra/dev/servername\n```\n\n### Delete secrets\n\nThis command will delete a secret from a cloud provider, `there is no confirmation requested`. Keep in mind each cloud provider has a retention policy configuration: by default, when you delete a secret it stays \"hidden\" for a certain time, which makes the creation of another secret with the same name impossible until that grace period has expired. Please check your cloud provider documentation for more information.\n\nharpo \u003ccloud_provider\u003e delete -path \u003cpath\u003e -name \u003csecret_name\u003e \n\n- cloud_provider: Could be \"az\" for Azure or \"aws\" for AWS\n- path: This is the path where the secret will be stored, it can start or end with a \"/\"\n  examples: \n    - /infra/dev\n    - /infra/dev/\n    - infra/dev\n- secret_name: This is the name the secret will have, it can be any alphanumeric with a maximum of 20\n  examples:\n    - servername\n    - serverport\n    - connectionstring\n\nExample output:\n```\nharpo az delete -path /infra/demo -name servername\nDeleteing secret from Azure Key Vault\nSuccessfully deleted secret from Azure Keyvault\n```\n### Copy secrets\n\nThis command will copy a secret from one cloud provider to another one; it is only possible to copy from one cloud provider to another.\n\nharpo \u003ccloud_provider\u003e copy -path \u003cpath\u003e -name \u003csecret_name\u003e -destination \u003ccloud_provider\u003e\n\n- cloud_provider: Could be \"az\" for Azure or \"aws\" for AWS\n- path: This is the path where the secret will be stored, it can start or end with a \"/\"\n  examples: \n    - /infra/dev\n    - /infra/dev/\n    - infra/dev\n- secret_name: This is the name the secret will have, it can be any alphanumeric with a maximum of 20\n  examples:\n    - servername\n    - serverport\n    - connectionstring\n\nExample output:\n```\nharpo aws copy -path /infra/dev/servers/internal/sql/primary/ -name sqlconnectionstring -destination az\nCopying secret 
from AWS to AZ\n```\n\n### Migrate secrets\n\nThis command will copy the secret from one cloud provider to another and then delete the origin one thus moving the secret.\n\nharpo \u003ccloud_provider\u003e migrate -path \u003cpath\u003e -name \u003csecret_name\u003e -destination \u003ccloud_provider\u003e\n\n- cloud_provider: Could be \"az\" for Azure or \"aws\" for AWS\n- path: This is the path where the secret will be stored, it can start or end with a \"/\"\n  examples: \n    - /infra/dev\n    - /infra/dev/\n    - infra/dev\n- secret_name: This is the name the secret will have, it can be any alphanumeric with a maximum of 20\n  examples:\n    - servername\n    - serverport\n    - connectionstring\n\nExample output:\n```\nharpo aws migrate -path /infra/dev/servers/internal/sql/primary/ -name sqlconnectionstring -destination az\nMigrating secret from AWS to AZ\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaviermarasco%2Fharpo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjaviermarasco%2Fharpo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaviermarasco%2Fharpo/lists"}