Hrbr Secrets Api Keys

hrbr secrets list
hrbr api-keys list

Common commands

Workspace secrets

hrbr secrets list
hrbr secrets create --name github-token --value <value>

API keys

hrbr api-keys list
hrbr api-keys create --name local-dev
hrbr api-keys list --full
hrbr api-keys revoke --key-id <id>

Choosing the right mechanism

• Plugin or agent needs a named credential in the workspace → use a secret.
• CI pipeline or remote script needs Harbor API access → use an API key.
• Team needs to share project-local .env files across clones → use hrbr env instead.

Good practice

• Use descriptive secret names such as openai-api-key, prod-database-url, or stripe-webhook-secret.
• Keep one credential per secret.
• Store API keys in your CI secret manager or password manager immediately.
• Revoke old API keys after confirming the replacement works.

Troubleshooting

• Forgot a secret value → Harbor will not read it back for you; create a new secret value under the right name or rotate the integration.
• Lost the full API key after creation → create a new one, then revoke the old one.
• Unsure which key to revoke → run hrbr api-keys list --full and use the key ID, not just the prefix.
• Need project-scoped env sharing instead of single secret values → switch to hrbr env push / hrbr env pull.