Managing an organization account

To help users collaborate in teams, SecretHub supports organization accounts. Similar to a user’s personal namespace, an organization account also has a dedicated namespace to hold repositories. SecretHub users can be members of multiple organizations and have either a member or admin role in an organization.

To manage an organization account, use the org subcommand. Each command is described in detail below.

Command: org init

To initialize a new organization account, you can run the org init command:

secrethub org init [options]

This creates a new organization account with you as its sole administrator.

Flags

--name (string)
The name for the new organization account. If not set, you will be asked for it.
--descr (string)
A description (max. 144 characters long) for your organization so users will recognize it. If not set, you will be asked for it.

Command: org inspect

To show the lower-level details of an organization account, you can run the org inspect command:

secrethub org inspect [options] <org-name>

The org inspect command prints out the details of an organization, such as its members and repositories, in JSON format.

Arguments

<org-name> (string)
The organization to show details of.

Command: org invite

To invite another user to join your organization, you can use the org invite command:

secrethub org invite [options] <org-name> <username>

The org invite command makes the user a member of your organization. This does not yet give the invited user access to any repositories; use the repo invite command for that. Note that only organization administrators can invite other users to join.

Arguments

<org-name> (string)
The organization to invite the user to.
<username> (string)
The username of the user to invite.

Flags

--role (string)
Assign a role to the invited member. This can be either admin or member. It defaults to member.

Command: org list-users

To list all users of an organization and their role, you can use the org list-users command:

secrethub org list-users [options] <org-name>

The org list-users command prints out the details of each organization user in a table format.

Arguments

<org-name> (string)
The organization to list users for.

Command: org ls

To list all organizations you’re a member of, you can use the org ls command:

secrethub org ls [options]

The org ls command prints out the details of each organization you’re a member of.

Keep an eye on the STATUS field, as it indicates the security status of the contents of an organization. For instance, organizations containing a flagged repository will have their status flagged.

For scripting, you may want to disable the table format output. Use the --quiet flag to make the command only print out organization names.

Flags

-q, --quiet (boolean)
Only print organization names.

Command: org set-role

To change the organization role of a user, you can use the org set-role command:

secrethub org set-role [options] <org-name> <username> <role>

Note that only organization administrators can change users’ roles, and there must always be at least one administrator in an organization account.

Arguments

<org-name> (string)
The organization to change the user’s role for.
<username> (string)
The username whose role to change.
<role> (string)
The role to assign to the user. This can be either admin or member.

Command: org revoke

To revoke a user from an organization, you can use the org revoke command:

secrethub org revoke [options] <org-name> <username>

This automatically revokes the user from all of the organization’s repositories. A list of repositories containing secrets that should be rotated will be printed out.

One special case to note is when organization repositories exist that the revoked user is the sole administrator of. To avoid bricking a repository by revoking the user immediately, a manual override is required: either the repository must be removed or a second user must be given administrator rights.

The revocation process will complete once the user has been successfully revoked from all organization repositories.

Arguments

<org-name> (string)
The organization to revoke the user from.
<username> (string)
The username to revoke.
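
An added example (not from the SecretHub documentation) that combines org ls --quiet with org revoke for offboarding: it revokes one user from every organization you belong to, saves what each revoke prints (the rotation list), and reports the organizations that still need attention, such as the sole-administrator case. It assumes --quiet prints one name per line, list-users shows each username as a whitespace-separated field, failed commands exit non-zero, and revoke runs without prompting; revoke_everywhere and has_field are names made up here.

```shell
#!/bin/sh
# Added example, not part of the SecretHub documentation.
# Assumptions: `org ls --quiet` prints one organization name per line,
# `org list-users` shows each username as a whitespace-separated field,
# and the CLI exits non-zero when a command cannot complete.

# has_field <word>: true if any whitespace-separated field on stdin equals it.
has_field() {
    awk -v u="$1" '{ for (i = 1; i <= NF; i++) if ($i == u) found = 1 }
                   END { exit !found }'
}

# revoke_everywhere <username> <report-dir>
# Prints the organizations that still need attention and returns 1 if
# there are any, 2 on usage or listing errors, 0 otherwise.
revoke_everywhere() {
    user="$1"
    report_dir="$2"
    if [ -z "$user" ] || [ -z "$report_dir" ]; then
        echo "usage: revoke_everywhere <username> <report-dir>" >&2
        return 2
    fi
    mkdir -p "$report_dir" || return 2
    # Fail closed: a failed listing must not look like "nothing to revoke".
    orgs=$(secrethub org ls --quiet </dev/null) || return 2

    pending=0
    for org in $orgs; do
        # If membership cannot be read, flag the org instead of skipping it.
        if ! users=$(secrethub org list-users "$org" </dev/null); then
            echo "$org"; pending=1; continue
        fi
        printf '%s\n' "$users" | has_field "$user" || continue
        # Keep everything revoke prints: it includes the repositories
        # whose secrets should be rotated.
        if ! secrethub org revoke "$org" "$user" \
                >"$report_dir/$org.txt" 2>&1 </dev/null; then
            echo "$org"   # e.g. the user is the sole admin of a repository
            pending=1
        fi
    done
    return "$pending"
}
```

Each file in the report directory is the rotation work list for one organization; the names printed on standard output are the organizations to revisit by hand.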

Command: org rm

To permanently remove an organization account, you can use the org rm command:

secrethub org rm [options] <org-name>

Note that this command cannot be undone and should be handled with caution. The org rm command permanently deletes an organization account and all the repositories it contains.

Arguments

<org-name> (string)
The organization to remove permanently.