Secret Commands
Read secrets from the CLI.
get
Fetch a secret value and print it to stdout.
```bash
# Read a single-value secret
sikkerkey get sk_a1b2c3d4e5

# Read a specific field from a structured secret
sikkerkey get sk_db_prod password

# Read the full JSON for a structured secret
sikkerkey get sk_db_prod
```
The CLI automatically detects which project the secret belongs to. Exit code 0 on success, 1 on error.
JSON Output
Use -o json for machine-parseable output:
```
# Simple secret
sikkerkey get sk_a1b2c3d4e5 -o json
{
  "id": "sk_a1b2c3d4e5",
  "value": "my-secret-value"
}
```

```
# Structured secret -- includes parsed fields
sikkerkey get sk_db_prod -o json
{
  "id": "sk_db_prod",
  "value": "{\"host\":\"db.example.com\",\"password\":\"hunter2\"}",
  "fields": {
    "host": "db.example.com",
    "password": "hunter2"
  }
}
```

```
# Single field
sikkerkey get sk_db_prod password -o json
{
  "id": "sk_db_prod",
  "field": "password",
  "value": "hunter2"
}
```
Flags
| Flag | Description |
|---|---|
| `-o, --output <format>` | plain (default) or json |
| `--project <name>` | Use a specific project |
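A consuming service can wrap `sikkerkey get ... -o json` so that the documented exit code and JSON shapes are checked before the value is used, and so that secret material never ends up in an error message. This is an added example, not SikkerKey's own code; `SecretError`, `parse_get_output`, `get_secret` and the injectable `run` parameter are assumed names.

```python
import json
import subprocess

class SecretError(Exception):
    """Raised without ever including secret material in the message."""

def parse_get_output(raw, field=None):
    """Parse `sikkerkey get ... -o json` output into (id, value, fields)."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        # Do not echo `raw` and do not chain the decode error:
        # either could carry part of a secret into logs.
        raise SecretError("output is not valid JSON") from None
    if not isinstance(doc, dict) or not isinstance(doc.get("value"), str):
        raise SecretError("output has no string 'value'")
    if field is not None and doc.get("field") != field:
        raise SecretError("response is for a different field than requested")
    # "fields" is only present for structured secrets read in full.
    fields = doc.get("fields") or {}
    return doc.get("id"), doc["value"], fields

def get_secret(secret_id, field=None, project=None, run=subprocess.run):
    """Run the CLI and return (value, fields); `run` is injectable for tests."""
    cmd = ["sikkerkey", "get", secret_id]
    if field:
        cmd.append(field)
    cmd += ["-o", "json"]
    if project:
        cmd += ["--project", project]
    # Argument list, no shell: the ID and field are never shell-interpreted.
    proc = run(cmd, capture_output=True, text=True)
    if proc.returncode != 0:
        # Exit code 1 means error. Report the ID only, never stdout/stderr.
        raise SecretError(f"sikkerkey get failed for {secret_id} (exit {proc.returncode})")
    sid, value, fields = parse_get_output(proc.stdout, field)
    if sid != secret_id:
        raise SecretError("response id does not match the requested secret")
    return value, fields
```

The returned value is best handed to the consuming process through its environment or a file descriptor rather than a command-line argument, since arguments are visible in process listings.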
Notes
- Machines are consumers, not managers. Secret creation, updates, rotation, and deletion are done through the dashboard.
- The CLI is read-only by design. This ensures machines cannot modify the secrets they consume.