> ## Documentation Index > Fetch the complete documentation index at: https://docs.xloud.tech/llms.txt > Use this file to discover all available pages before exploring further. # Key Manager CLI Reference > Complete openstack secret CLI commands for managing secrets, containers, certificates, and ACLs in Xloud Key Manager. ## Overview The `openstack secret` command group manages secrets, containers, and access control policies in the Xloud Key Manager service. **Prerequisites** * CLI installed and authenticated — see [CLI Setup](/cli-setup) * Python barbicanclient installed: `pip install python-barbicanclient` *** ## Secrets ```bash title="List secrets" theme={null} openstack secret list ``` ```bash title="Store a passphrase" theme={null} openstack secret store \ --name db-password \ --secret-type passphrase \ --payload "my-secure-password" ``` ```bash title="Store a symmetric key" theme={null} openstack secret order create \ --name aes-key \ --algorithm aes \ --bit-length 256 \ --mode cbc \ key ``` ```bash title="Store from file" theme={null} openstack secret store \ --name tls-cert \ --secret-type certificate \ --file /path/to/cert.pem \ --payload-content-type "application/octet-stream" ``` ```bash title="Show secret metadata" theme={null} openstack secret get ``` ```bash title="Retrieve secret payload" theme={null} openstack secret get --payload ``` ```bash title="Delete secret" theme={null} openstack secret delete ``` *** ## Containers ```bash title="List containers" theme={null} openstack secret container list ``` ```bash title="Create certificate container" theme={null} openstack secret container create \ --name my-tls \ --type certificate \ --secret "certificate=" \ --secret "private_key=" ``` ```bash title="Show container" theme={null} openstack secret container get ``` ```bash title="Delete container" theme={null} openstack secret container delete ``` *** ## Orders (Key Generation) ```bash title="List orders" theme={null} openstack secret order list ``` ```bash title="Generate AES key" theme={null} openstack secret order create \ --name my-key \ --algorithm aes \ --bit-length 256 \ key ``` ```bash title="Show order" theme={null} openstack secret order get ``` ```bash title="Delete order" theme={null} openstack secret order delete ``` *** ## ACLs ```bash title="Show ACL for secret" theme={null} openstack acl get ``` ```bash title="Grant read access to a user" theme={null} openstack acl submit \ --user \ --operation-type read \ ``` ```bash title="Delete ACL" theme={null} openstack acl delete ``` *** ## Next Steps Guide to storing and retrieving secrets securely Manage TLS certificates and certificate orders