geni exec bash
Run a bash command with your connected credentials available as environment variables.
geni exec bash [flags] -- <command>Runs a bash command with one or more credentials' values made available as environment variables. Use it for anything you'd run in a shell — curl, git, gh, aws, language CLIs, ad-hoc scripts.
Synopsis
geni exec bash \
--cred cred_01HX… --reason "Validating Slack token" \
-- 'curl -H "Authorization: Bearer $SLACK_ACCESS_TOKEN" https://slack.com/api/auth.test'| Flag | Notes |
|---|---|
--cred <id> | Credential to make available. Repeat for each credential the command needs. |
--reason <text> | Why this credential is being used. Recorded in your audit log. Required per cred. |
--cwd <path> | Working directory. Defaults to the current directory. |
-- | Separator. Everything after is the bash command. |
What env vars get set
For each credential you pass with --cred, geni exposes its values as environment variables your command can read. To see the exact env var names a credential will set, run geni credential get <id> or check the operation's reference docs.
Output
$ geni exec bash --cred cred_01HX… --reason "..." -- 'curl -s https://api.example.com/'
{"data":[...]}stdout, stderr, and the exit code are forwarded transparently — same as running the command yourself.
Any literal occurrence of a secret value in the output is replaced inline with [REDACTED:cred_…] so tokens never appear in logs or transcripts.
Examples
Simple curl
geni exec bash \
--cred cred_01HX7AB --reason "Listing Salesforce contacts" \
-- 'curl -s -H "Authorization: Bearer $SALESFORCE_ACCESS_TOKEN_01HX7AB" "$SALESFORCE_INSTANCE_URL_01HX7AB/services/data/v59.0/sobjects/Contact"'Multiple credentials in one call
geni exec bash \
--cred cred_slackA --reason "Posting to #engineering" \
--cred cred_slackB --reason "Posting to #marketing" \
-- 'curl -s -X POST https://slack.com/api/chat.postMessage \
-H "Authorization: Bearer $SLACK_ACCESS_TOKEN_SLACKA" \
-d "channel=#engineering&text=hi"'