---
title: FileSystemSecretStore
description: Resource path:
component: pingam
version: 8.1
page_id: pingam:entity-reference:sec-amster-entity-filesystemsecretstore
canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-filesystemsecretstore.html
section_ids:
sec-amster-entity-filesystemsecretstore-realm-ops: Realm Operations
sec-amster-entity-filesystemsecretstore-realm-ops-create: create
sec-amster-entity-filesystemsecretstore-realm-ops-delete: delete
sec-amster-entity-filesystemsecretstore-realm-ops-getalltypes: getAllTypes
sec-amster-entity-filesystemsecretstore-realm-ops-getcreatabletypes: getCreatableTypes
sec-amster-entity-filesystemsecretstore-realm-ops-nextdescendents: nextdescendents
sec-amster-entity-filesystemsecretstore-realm-ops-query: query
sec-amster-entity-filesystemsecretstore-realm-ops-read: read
sec-amster-entity-filesystemsecretstore-realm-ops-update: update
sec-amster-entity-filesystemsecretstore-global-ops: Global Operations
sec-amster-entity-filesystemsecretstore-global-ops-create: create
sec-amster-entity-filesystemsecretstore-global-ops-delete: delete
sec-amster-entity-filesystemsecretstore-global-ops-getalltypes: getAllTypes
sec-amster-entity-filesystemsecretstore-global-ops-getcreatabletypes: getCreatableTypes
sec-amster-entity-filesystemsecretstore-global-ops-nextdescendents: nextdescendents
sec-amster-entity-filesystemsecretstore-global-ops-query: query
sec-amster-entity-filesystemsecretstore-global-ops-read: read
sec-amster-entity-filesystemsecretstore-global-ops-update: update
---
# FileSystemSecretStore
## Realm Operations
Resource path:
```
/realm-config/secrets/stores/FileSystemSecretStore
```
Resource version: `0.0`
### create
**Usage**
```
am> create FileSystemSecretStore --realm Realm --id id --body body
```
**Parameters**
* *\--id*
The unique identifier for the resource.
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"suffix" : {
"title" : "File suffix",
"description" : "A suffix to add to the name of each secret to obtain the file name.
Example for a file suffix of value .txt: my.secret.txt
Default: no suffix.",
"propertyOrder" : 200,
"required" : false,
"type" : "string",
"exampleValue" : ""
},
"versionSuffix" : {
"title" : "Version suffix",
"description" : "The suffix to add to the secret filename to support versioning.
Example for a version suffix of value .v and a file suffix of value .txt: my.secret.v1.txt
Default: no suffix.",
"propertyOrder" : 250,
"required" : false,
"type" : "string",
"exampleValue" : ""
},
"directory" : {
"title" : "Directory",
"description" : "The directory containing secret files.",
"propertyOrder" : 100,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"format" : {
"title" : "File format",
"description" : "Indicates what format is used to store the secrets in the files. The available options are: - Plain text: the secrets are stored as UTF-8 encoded text.
- Base64 encoded: the secrets are stored as Base64 encoded binary values.
- Encrypted text: the plain text secrets are encrypted using AM's encryption key.
- Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.
- Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.
- PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.
- Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.
- Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.
The following formats are also supported but are discouraged (use the PEM variants instead):
- Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.
- Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.
- Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).
",
"propertyOrder" : 300,
"required" : true,
"type" : "string",
"exampleValue" : ""
}
}
}
```
### delete
**Usage**
```
am> delete FileSystemSecretStore --realm Realm --id id
```
**Parameters**
* *\--id*
The unique identifier for the resource.
### getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
**Usage**
```
am> action FileSystemSecretStore --realm Realm --actionName getAllTypes
```
### getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
**Usage**
```
am> action FileSystemSecretStore --realm Realm --actionName getCreatableTypes
```
### nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
**Usage**
```
am> action FileSystemSecretStore --realm Realm --actionName nextdescendents
```
### query
Get the full list of instances of this collection. This query only supports `_queryFilter=true` filter.
**Usage**
```
am> query FileSystemSecretStore --realm Realm --filter filter
```
**Parameters**
* *\--filter*
A CREST formatted query filter, where "true" will query all.
### read
**Usage**
```
am> read FileSystemSecretStore --realm Realm --id id
```
**Parameters**
* *\--id*
The unique identifier for the resource.
### update
**Usage**
```
am> update FileSystemSecretStore --realm Realm --id id --body body
```
**Parameters**
* *\--id*
The unique identifier for the resource.
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"suffix" : {
"title" : "File suffix",
"description" : "A suffix to add to the name of each secret to obtain the file name.
Example for a file suffix of value .txt: my.secret.txt
Default: no suffix.",
"propertyOrder" : 200,
"required" : false,
"type" : "string",
"exampleValue" : ""
},
"versionSuffix" : {
"title" : "Version suffix",
"description" : "The suffix to add to the secret filename to support versioning.
Example for a version suffix of value .v and a file suffix of value .txt: my.secret.v1.txt
Default: no suffix.",
"propertyOrder" : 250,
"required" : false,
"type" : "string",
"exampleValue" : ""
},
"directory" : {
"title" : "Directory",
"description" : "The directory containing secret files.",
"propertyOrder" : 100,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"format" : {
"title" : "File format",
"description" : "Indicates what format is used to store the secrets in the files. The available options are: - Plain text: the secrets are stored as UTF-8 encoded text.
- Base64 encoded: the secrets are stored as Base64 encoded binary values.
- Encrypted text: the plain text secrets are encrypted using AM's encryption key.
- Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.
- Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.
- PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.
- Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.
- Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.
The following formats are also supported but are discouraged (use the PEM variants instead):
- Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.
- Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.
- Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).
",
"propertyOrder" : 300,
"required" : true,
"type" : "string",
"exampleValue" : ""
}
}
}
```
## Global Operations
Resource path:
```
/global-config/secrets/stores/FileSystemSecretStore
```
Resource version: `1.0`
### create
**Usage**
```
am> create FileSystemSecretStore --global --id id --body body
```
**Parameters**
* *\--id*
The unique identifier for the resource.
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"directory" : {
"title" : "Directory",
"description" : "The directory containing secret files.",
"propertyOrder" : 100,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"format" : {
"title" : "File format",
"description" : "Indicates what format is used to store the secrets in the files. The available options are: - Plain text: the secrets are stored as UTF-8 encoded text.
- Base64 encoded: the secrets are stored as Base64 encoded binary values.
- Encrypted text: the plain text secrets are encrypted using AM's encryption key.
- Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.
- Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.
- PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.
- Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.
- Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.
The following formats are also supported but are discouraged (use the PEM variants instead):
- Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.
- Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.
- Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).
",
"propertyOrder" : 300,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"versionSuffix" : {
"title" : "Version suffix",
"description" : "The suffix to add to the secret filename to support versioning.
Example for a version suffix of value .v and a file suffix of value .txt: my.secret.v1.txt
Default: no suffix.",
"propertyOrder" : 250,
"required" : false,
"type" : "string",
"exampleValue" : ""
},
"suffix" : {
"title" : "File suffix",
"description" : "A suffix to add to the name of each secret to obtain the file name.
Example for a file suffix of value .txt: my.secret.txt
Default: no suffix.",
"propertyOrder" : 200,
"required" : false,
"type" : "string",
"exampleValue" : ""
}
}
}
```
### delete
**Usage**
```
am> delete FileSystemSecretStore --global --id id
```
**Parameters**
* *\--id*
The unique identifier for the resource.
### getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
**Usage**
```
am> action FileSystemSecretStore --global --actionName getAllTypes
```
### getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
**Usage**
```
am> action FileSystemSecretStore --global --actionName getCreatableTypes
```
### nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
**Usage**
```
am> action FileSystemSecretStore --global --actionName nextdescendents
```
### query
Get the full list of instances of this collection. This query only supports `_queryFilter=true` filter.
**Usage**
```
am> query FileSystemSecretStore --global --filter filter
```
**Parameters**
* *\--filter*
A CREST formatted query filter, where "true" will query all.
### read
**Usage**
```
am> read FileSystemSecretStore --global --id id
```
**Parameters**
* *\--id*
The unique identifier for the resource.
### update
**Usage**
```
am> update FileSystemSecretStore --global --id id --body body
```
**Parameters**
* *\--id*
The unique identifier for the resource.
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"directory" : {
"title" : "Directory",
"description" : "The directory containing secret files.",
"propertyOrder" : 100,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"format" : {
"title" : "File format",
"description" : "Indicates what format is used to store the secrets in the files. The available options are: - Plain text: the secrets are stored as UTF-8 encoded text.
- Base64 encoded: the secrets are stored as Base64 encoded binary values.
- Encrypted text: the plain text secrets are encrypted using AM's encryption key.
- Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.
- Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.
- PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.
- Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.
- Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.
The following formats are also supported but are discouraged (use the PEM variants instead):
- Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.
- Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.
- Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).
",
"propertyOrder" : 300,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"versionSuffix" : {
"title" : "Version suffix",
"description" : "The suffix to add to the secret filename to support versioning.
Example for a version suffix of value .v and a file suffix of value .txt: my.secret.v1.txt
Default: no suffix.",
"propertyOrder" : 250,
"required" : false,
"type" : "string",
"exampleValue" : ""
},
"suffix" : {
"title" : "File suffix",
"description" : "A suffix to add to the name of each secret to obtain the file name.
Example for a file suffix of value .txt: my.secret.txt
Default: no suffix.",
"propertyOrder" : 200,
"required" : false,
"type" : "string",
"exampleValue" : ""
}
}
}
```