Skip to main content
Members, firewall rules, secrets, and settings can be attached to an organization, project, or Site. Pass exactly one scope flag: --organization-id, --project-id, or --site-id. For guidance on choosing the right scope, see Resource Hierarchy. For the platform security model behind members, firewall rules, and secrets, see Security and Operations.

Members

sitectl libops create member \
  --site-id "$SITE_ID" \
  --account-id "$ACCOUNT_ID" \
  --role developer

sitectl libops list members --site-id "$SITE_ID"
sitectl libops edit member "$ACCOUNT_ID" --site-id "$SITE_ID" --role owner
sitectl libops delete member "$ACCOUNT_ID" --site-id "$SITE_ID" --yes
Roles are owner, developer, and read.

Firewall

sitectl libops create firewall \
  --site-id "$SITE_ID" \
  --name office \
  --cidr 203.0.113.10/32 \
  --type FIREWALL_RULE_TYPE_HTTPS_ALLOWED

sitectl libops list firewall --site-id "$SITE_ID"
sitectl libops delete firewall "$RULE_ID" --site-id "$SITE_ID" --yes
Firewall rules do not currently support in-place update.

Secrets

sitectl libops create secret \
  --site-id "$SITE_ID" \
  --name SMTP_PASSWORD \
  --value "$SMTP_PASSWORD"

sitectl libops create secret \
  --site-id "$SITE_ID" \
  --name TLS_PRIVATE_KEY \
  --value-file ./tls.key

sitectl libops list secrets --site-id "$SITE_ID"
sitectl libops edit secret "$SECRET_ID" --site-id "$SITE_ID" --value "$NEW_VALUE"
sitectl libops delete secret "$SECRET_ID" --site-id "$SITE_ID" --yes
Secret values are write-only from the CLI.

Settings

sitectl libops create setting \
  --site-id "$SITE_ID" \
  --key support_email \
  --value help@example.edu

sitectl libops list settings --site-id "$SITE_ID"
sitectl libops edit setting "$SETTING_ID" --site-id "$SITE_ID" --value helpdesk@example.edu
sitectl libops delete setting "$SETTING_ID" --site-id "$SITE_ID" --yes