Command Line Usage¶
General options¶
usage: batou [-h] [-d] {deploy,secrets,init} ...
batou v2.0b12: multi-(host|component|environment|version|platform) deployment
positional arguments:
{deploy,secrets,init}
deploy Deploy an environment.
secrets Manage encrypted secret files. Relies on age (or GPG)
being installed and configured correctly.
migrate Migrate the configuration to be compatible with the
batou version used. Requires to commit the changes
afterwards. Might show some additional upgrade steps
which cannot be performed automatically.
optional arguments:
-h, --help show this help message and exit
-d, --debug Enable debug mode. (default: False)
batou deploy¶
usage: batou deploy [-h] [-p PLATFORM] [-t TIMEOUT] [-D] [-c] [-P]
[--local] [-j JOBS]
[--provision-rebuild]
environment
positional arguments:
environment Environment to deploy.
optional arguments:
-h, --help show this help message and exit
-p PLATFORM, --platform PLATFORM
Alternative platform to choose. Empty for no platform.
-t TIMEOUT, --timeout TIMEOUT
Override the environment's timeout setting
-D, --dirty Allow deploying with dirty working copy or outgoing
changes.
-c, --consistency-only
Only perform a deployment model and environment
consistency check. Only connects to a single host.
Does not touch anything.
-P, --predict-only Only predict what updates would happen. Do not change
anything.
-L, --local When running in consistency-only or predict-only mode,
do not connect to the remote host, but check and
predict using the local host's state.
-j JOBS, --jobs JOBS Defines number of jobs running parallel to deploy. The
default results in a serial deployment of components.
Will override the environment settings for operational
flexibility.
--provision-rebuild Rebuild provisioned resources from scratch. DANGER:
this is potentially destructive.
batou secrets edit¶
usage: batou secrets edit [-h] [--editor EDITOR] environment
positional arguments:
environment Environment to edit secrets for.
optional arguments:
-h, --help show this help message and exit
--editor EDITOR, -e EDITOR
Invoke EDITOR to edit (default: $EDITOR or vi)
batou secrets summary¶
Show an overview of which users have access to what encrypted secrets.
usage: ./batou secrets summary [-h]
optional arguments:
-h, --help show this help message and exit
Example:
$ ./batou secrets summary
production
members
- alice@example.com
secret files
- secrets.yaml
tutorial
members
- alice@example.com
- bob@example.com
secret files
(none)
batou secrets add¶
usage: batou secrets add [-h] [--environments ENVIRONMENTS] keyid
positional arguments:
keyid The user's key ID or email address
optional arguments:
-h, --help show this help message and exit
--environments ENVIRONMENTS
The environments to update. Update all if not
specified.
batou secrets remove¶
usage: batou secrets remove [-h] [--environments ENVIRONMENTS] keyid
positional arguments:
keyid The user's key ID or email address
optional arguments:
-h, --help show this help message and exit
--environments ENVIRONMENTS
The environments to update. Update all if not
specified.
batou secrets reencrypt¶
Re-encrypt all secrets with the current set of keys. This is useful when you want to update the set of public keys fetched from a key server.
usage: batou secrets reencrypt [-h] [--environments ENVIRONMENTS]
optional arguments:
-h, --help show this help message and exit
--environments ENVIRONMENTS
The environments to update. Update all if not
specified.
batou secrets decrypttostdout¶
Decrypts a secret file to stdout. It’s intended usage is for allowing git to decrypt secrets before displaying a diff to the user. You can set up the command withing your project like this:
git config diff.batou.textconv "./batou secrets decrypttostdout"
echo "*.gpg diff=batou" >> .gitattributes
echo "*.age diff=batou" >> .gitattributes
echo "*.age-diffable diff=batou" >> .gitattributes
This only works if your batou binary is in the root of your git project. .. code-block:: console
usage: batou secrets decrypttostdout [-h] file
- positional arguments:
- file The secret file to decrypt, should be contained in an
environment.
- optional arguments:
- -h, --help
show this help message and exit