Passwork CLI
Passwork CLI is a command-line tool for retrieving passwords from Passwork and securely working with them using scripts, automation, and CI/CD.
Main operating modes
- exec — retrieves passwords, places them in environment variables, and runs the specified command with these variables.
- api — allows to execute any Passwork API method and receive a response in JSON format.
What Passwork CLI is used for
- Secure connection to databases and services — passwords are not saved to disk, don't appear in command history, and are substituted only during command execution.
- Deployment automation and CI/CD — secrets from Passwork are automatically available in pipelines.
- Server administration — tasks are performed using temporary environment variables.
- Integration with DevOps tools — quick password retrieval for scripts, Ansible, Terraform, and other tools.
Additional Passwork CLI benefits
- Access to passwords only during process execution
- Self-signed certificate support
- Flexible password filtering by tags, folders, vaults
- All data is encrypted on the client side (when client-side encryption mode is enabled)
Installation
You can install the package directly from Github:
- shell
pip install git+ssh://[email protected]:passwork-me/passwork-python.git
or
- shell
pip install git+https://github.com/passwork-me/passwork-python.git
Usage Examples
- Get password and run script:
- shell
passwork-cli exec --password-id 123456 --cmd "python3 backup.py"
- Get multiple passwords from folder and start service:
- shell
passwork-cli exec --folder-id 654321 --cmd "docker-compose up"
- Get list of all vaults via API:
- shell
passwork-cli api --method GET --endpoint v1/vaults
- Execute command with self-signed certificate:
- shell
passwork-cli exec --no-ssl-verify --password-id 111222 --cmd "ansible-playbook site.yml"
warning
It's recommended to use environment variables for storing tokens and master keys