Version: 7.0

Executing commands (exec)

Overview

exec retrieves an item from Passwork, decrypts values, and exports them to environment variables, then runs the specified command with access to these variables.

Item identification

Specify one or more parameters with values:

Parameter	Description
`--password-id`	Item ID (or multiple comma-separated)
`--folder-id`	Folder ID (or multiple comma-separated)
`--vault-id`	Vault ID (or multiple comma-separated)
`--tags`	Tags to search (comma-separated)

How it works

Connects to the server and authenticates.
Searches for items by identification parameters.
Decrypts values (password, custom fields).
Creates environment variables: variable name corresponds to item/field name (spaces/symbols are replaced with _).
Runs the command; the command's exit code is returned.

Syntax

shell

passwork-cli exec [parameters] command_to_execute

Or with --cmd:

shell

passwork-cli exec [parameters] --cmd "command_to_execute"

Examples

Run a database client with a password from an item:

shell

export PASSWORK_HOST="https://passwork.example.com"
export PASSWORK_TOKEN="<access_token>"
export PASSWORK_MASTER_KEY="<master_key>"

passwork-cli exec --password-id "db_password_id" \
  mysql -u admin -h localhost -p"$DB_PASSWORD" database_name

Retrieve multiple passwords from a folder and run a script:

shell

passwork-cli exec --folder-id "project_folder_id" ./deploy.sh

Command with pipes/quotes (via --cmd):

shell

passwork-cli exec --password-id "server_creds" \
  --cmd "ssh user@server 'journalctl -u app | grep ERROR' > errors.log"

Search by tags and run a complex scenario:

shell

passwork-cli exec \
  --tags "production,api" \
  ./complex_deployment.sh

Notes

In environment variables: the main item value (password) and additional fields with password type.
Variable names are normalized: spaces and special characters are replaced with _.
For self-signed certificates, use --no-ssl-verify.

Overview​

Item identification​

How it works​

Syntax​

Examples​

Notes​