Blog
News Releases Glossary What is Passwork?
Releases

Python connector 0.1.5: Automated secrets management

Eirik Salmi

The new Python connector version 0.1.5 expands CLI utility capabilities. We've added commands that solve critical tasks for DevOps engineers and developers — secure retrieval and updating of secrets in automated pipelines.

What this solves

Hardcoded secrets, API keys, tokens, and database credentials create security vulnerabilities and operational bottlenecks. Manual secret management introduces delays and human error into deployment pipelines. The new get and update commands in passwork-cli fully automate secrets management. Passwork functions as your single source of truth (SSOT): secrets stay centralized, secure, and fully automated.

How the new commands work

  • get — retrieves data from Passwork
  • update — updates data in Passwork
Both commands support all field types: passwords, tokens, API keys, and custom fields.

Get: Retrieving data from entries

The get command extracts any field value from an entry and fits perfectly into automation scripts.

Retrieving specific fields

Use the --field flag to extract login, URL, or values from any custom field.

# Get API access token from custom field 'API_TOKEN'
export API_TOKEN=$(passwork-cli get --password-id "..." --field API_TOKEN)

Generating TOTP codes

If you store two-factor authentication secrets in Passwork, passwork-cli generates the current code directly in your terminal. Use the --totp-code flag.

# Get TOTP code for VPN connection
VPN_TOTP=$(passwork-cli get --password-id "..." --totp-code "VPN_SECRET")

Update: Modifying secrets

The update command changes data in Passwork and automates secret rotation.

Updating custom fields

The --custom-<field_name> flag updates values in custom fields.

# Update API key in entry
passwork-cli update --password-id "..." --custom-API_KEY "new-generated-key"

Bulk updates

Now you can modify multiple fields with a single command.

# Update password and tags simultaneously
passwork-cli update \
  --password-id "..." \
  --password "NewComplexP@ssw0rd" \
  --tags "production,rotated,automated"

Client-side encryption support

Both get and update commands fully support Passwork's client-side encryption mode. When using get, all encrypted fields are automatically decrypted using the master key. When executing update, data is first encrypted on your side and only then sent to the server.

You can find all information about Passwork updates in our release notes

Further reading

Passwork: Secrets management and automation for DevOps
Table of contents * Introduction * What is secrets management * Why secrets management matters * Passwork: More than a password manager * Automation tools * How we automate password rotation * Security: Zero Knowledge and encryption * Authorization and tokens * Conclusions Introduction In corporate environment, the number of passwords, keys, and digital certificates is rapidly increasing, and
Passwork BlogEirik Salmi
The 2025 small business cybersecurity checklist: A complete guide | Passwork
Passwork’s 2025 cybersecurity checklist, based on the NIST framework, provides actionable steps to prevent data breaches and financial loss.
Passwork BlogEirik Salmi
Passwork 7.2 release
The new version introduces customizable notifications with flexible delivery options, enhanced event logging descriptions, expanded CLI functionality, server-side PIN code storage for the browser extension, and the ability to enable client-side encryption during initial Passwork configuration. Notification settings We’ve added a dedicated notification settings section where you can choose notification
Passwork BlogEirik Salmi
Company
About us Privacy policy ISO 27001 certificate Release notes Roadmap Blog
Browser extension
Google Chrome Mozilla Firefox Microsoft Edge Apple Safari
Mobile application
App Store Google Play
For business
Teams Small business Business and corporates Enterprise On-premise solution Password sharing tool Secret management
Help
User manual Technical documentation Help center