ss-cli-rotate-and-sync
Rotate and Sync — Update a Secret, Refresh Env Files
Updates one or more fields on a Secret Server secret, then re-syncs any env files that depend on it. Use this for credential rotation workflows.
When to use
- The user wants to rotate a password or API key
- A secret value changed and downstream
.envfiles need updating - Post-rotation cleanup after an automated password change
Prerequisites
- Valid Secret Server token
- The secret ID to update
- The new field value
Workflow
Step 1 — Update the secret
More from sieteunoseis/ss-cli
ss-cli-deploy
Deploys a Docker Compose service with secrets from Delinea Secret Server injected as environment variables. Secrets are never written to disk — they exist only in the subprocess memory. Use when deploying services that need credentials.
2ss-cli-env-sync
Syncs secrets from Delinea Secret Server to a .env file using a JSON map. Use when the user asks to refresh, update, or pull credentials into an env file. Requires a valid ss-cli token.
2ss-cli-agent-check
Validates a Delinea Secret Server token before running any ss-cli operations. Use this at the start of any automated workflow. If the token is invalid or expired, stop and ask the human to run `ss-cli login`.
2ss-cli-resolve-and-deploy
Resolves <ss:ID:field> placeholders in a config template using Delinea Secret Server secrets, then deploys the result to a remote server via SSH. Secrets flow through stdin/stdout only — never stored on disk. Use when deploying config files that contain credentials.
2ss-cli
Use when managing secrets from Delinea Secret Server — fetching credentials, syncing env files, deploying with injected secrets, resolving config templates, and rotating passwords. Covers all ss-cli operations.
1