Skip to main content
You can get information about secrets, their versions and payloads: For more information, see Overview of the MysteryBox service.

How to get a list of secrets

Run the following command: 
nebius mysterybox secret list
To include secrets that have been deleted in the last 30 days and can still be restored, add --show-scheduled-for-deletion: 
nebius mysterybox secret list --show-scheduled-for-deletion

How to get a list of versions

To get versions of a given secret, run the following command: 
nebius mysterybox secret-version list --parent-id mbsec-*** --show-scheduled-for-deletion
The command contains the following parameters:
  • --parent-id: ID of the secret. To get the ID, run nebius mysterybox secret list.
  • --show-scheduled-for-deletion (optional): In addition to existing versions, lists versions that have been deleted in the last 30 days and can still be restored.

How to get a payload

Before you begin, make sure you are in a group that has at least the mysterybox.payload-viewer role. You can check this in the Administration → IAM section of the web console.
Creating a secret or a version of a secret does not automatically grant you access to view payloads in that secret or version. The editor role is enough to create a secret or a version, but viewing payloads requires the mysterybox.payload-viewer role, which is a sub-role of admin but not editor.
To get the payload of a given version, run the following command: 
nebius mysterybox payload get --secret-id mbsec-*** --version-id mbsecver-***
In the command, set the following parameters:
  • --secret-id: ID of the secret. To get the ID, run nebius mysterybox secret list.
  • --version-id (optional): ID of the version. To get the ID, run nebius mysterybox secret-version list —parent-id <secret_ID>. If you do not specify --version-id, the command returns the payload of the primary version.