Tags

Last modified on March 24, 2023

Tags are a form of metadata that can be applied to specific entities in StrongDM. Each Tag is a key and optional value pair.

StrongDM entities that support Tags:

Tag Details

  • Maximum key length: 128 UTF-8 characters
  • Maximum value length: 256 UTF-8 characters
  • Maximum 50 tags per entity
  • Allowed characters: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @
  • Case-sensitive: team=StrongDM is different from team=strongdm
  • An entity can only have one value of a key at a time (If you have two tags env=prod and env=dev you can only assign one of them to a resource).

Tag Management

This article primarily focuses on Tag management through the CLI, but you can refer to the API docs for more info about managing tags via the API, and you can manually add and remove tags to and from resources in the Admin UI as well.

Reading Tags

When using list with the CLI, the right-most column will show current tags, if any, in a comma-separated list.

sdm admin servers list -e
Server ID               <columns removed for clarity>      Tags
rs-7bb96dd41d9ac70b     <columns removed for clarity>      auth=ssh-cert
rs-299c6d443f322956     <columns removed for clarity>      creator=john,docs=true,env=support

Creating Tags

You can add or update Tags with the flag --tags.

sdm admin users update --email user1@test.com --tags 'loc=US'

When adding multiple Tags, use a comma-separated list.

sdm admin datasources update postgres --id rs-0835300a78ea36a0 --tags 'region=west,env=production,os=linux'

To add a Tag without a value, leave the value out of the command.

sdm admin servers update rdp --id rs-299c6d443f322956 --tags 'region=,env=,os='

Updating Tags

In this example, we will use list to search for a specific User with a Filter, then run an update command to modify the loc Tag.

sdm admin users list --filter 'email:alice.glick@strongdm.com'
User ID                First Name     Last Name    Email                        Tags
a-707fe3f43c34e1dc     Alice          Glick        alice.glick@strongdm.com     loc=US

We will use the same --tags flag we used to add the Tag, but this time we will supply a new value to the loc key.

sdm admin users update --email 'alice.glick@strongdm.com' --tags 'loc=EU'

Now we see the Tag with the new value.

sdm admin users list --filter 'email:alice.glick@strongdm.com'
User ID                First Name     Last Name    Email                        Tags
a-707fe3f43c34e1dc     Alice          Glick        alice.glick@strongdm.com     loc=EU

Deleting Tags

Let’s start with a User that has 3 tags.

sdm admin users list --filter 'email:alice.glick@strongdm.com'
User ID              First Name     Last Name    Email                      Tags
a-707fe3f43c34e1dc   Alice          Glick        alice.glick@strongdm.com   env=prod,loc=EU,team=docs

To remove a single Tag we will supply the --delete-tags flag, passing in the key of the Tag we wish to remove.

sdm admin users update --email alice.glick@strongdm.com --delete-tags 'loc'

To remove multiple Tags we will add the keys additional keys in a comma-separated format. Any keys that do not exist will simply be ignored.

sdm admin users update --email alice.glick@strongdm.com --delete-tags 'loc,env,team'

Lastly, to delete all Tags at once use the flag --delete-all-tags.

sdm admin users update --email alice.glick@strongdm.com --delete-all-tags

Chaining Commands

You can also combine these operations. For example, to delete all Tags and replace them with new tags:

sdm admin users update --email alice.glick@strongdm.com --delete-all-tags --tags 'a=1,b=2'
Top