Executing commands (exec)
Overview
exec retrieves an item from Passwork, decrypts values, and exports them to environment variables, then runs the specified command with access to these variables.
Item identification
Specify one or more parameters with values:
| Parameter | Description |
|---|---|
--password-id | Item ID (or multiple comma-separated) |
--folder-id | Folder ID (or multiple comma-separated) |
--vault-id | Vault ID (or multiple comma-separated) |
--tags | Tags to search (comma-separated) |
How it works
- Connects to the server and authenticates.
- Searches for items by identification parameters.
- Decrypts values (password, custom fields).
- Creates environment variables: variable name corresponds to item/field name (spaces/symbols are replaced with
_). - Runs the command; the command's exit code is returned.
Syntax
- shell
passwork-cli exec [parameters] command_to_execute
Or with --cmd:
- shell
passwork-cli exec [parameters] --cmd "command_to_execute"
Examples
Run a database client with a password from an item:
- shell
export PASSWORK_HOST="https://passwork.example.com"
export PASSWORK_TOKEN="<access_token>"
export PASSWORK_MASTER_KEY="<master_key>"
passwork-cli exec --password-id "db_password_id" \
mysql -u admin -h localhost -p"$DB_PASSWORD" database_name
Retrieve multiple passwords from a folder and run a script:
- shell
passwork-cli exec --folder-id "project_folder_id" ./deploy.sh
Command with pipes/quotes (via --cmd):
- shell
passwork-cli exec --password-id "server_creds" \
--cmd "ssh user@server 'journalctl -u app | grep ERROR' > errors.log"
Search by tags and run a complex scenario:
- shell
passwork-cli exec \
--tags "production,api" \
./complex_deployment.sh
Notes
- In environment variables: the main item value (password) and additional fields with password type.
- Variable names are normalized: spaces and special characters are replaced with
_. - For self-signed certificates, use
--no-ssl-verify.