cloudflared tunnel cred-file <TUNNEL_NAME> option

[firecow]

Describe the feature you'd like
I would like an cloudflared tunnel cred-file <TUNNEL_NAME> option

Additional context
Cego A/S is migrating away from legacy argo tunnels to named tunnels.
It would ease our transition if we could retrieve an already generated credential file via cloudflared tunnel cli

Here is our use case in Gitlab CI/CD YML format

---
# .gitlab-ci.yml

deploy:
  variables:
     TUNNEL_CERTIFICATE_FILE: # Found in our Gitlab CI/CD variables. (Cert.pem from cloudflared login)
     TUNNEL_NAME: somesub.cego.dk
  script:    
    - TUNNEL_ORIGIN_CERT="${TUNNEL_CERTIFICATE_FILE}"
    - | 
      cloudflared tunnel cred-file "${TUNNEL_NAME}" --output .cloudflared || 
        (cloudflared tunnel create "${TUNNEL_NAME}" &&
          cloudflared tunnel route dns "${TUNNEL_NAME}" "${TUNNEL_NAME}")
    - TUNNEL_CRED_FILE=$(find .cloudflared -name '*.json')
    - TUNNEL_UUID=$(grep -oP '"TunnelID":"\K(.*)(?=")' ${TUNNEL_CRED_FILE})
    - docker stack deploy

--- 
# docker-compose.yml

configs:
  cloudflared-cred-file:
    file: ${TUNNEL_CRED_FILE}

services:

  cloudflared:
    image: cloudflare/cloudflared:2022.3.1
    command: tunnel run ${TUNNEL_UUID}
    configs:
      - source: cloudflared-cred-file
        target: /etc/cloudflared/${TUNNEL_UUID}.json
    environment:
      TUNNEL_URL: http://${STACK_NAME}_web

[nmldiegues]

Hello @firecow ,

Can you clarify what you would envision cloudflared tunnel cred-file <TUNNEL_NAME> to do?
What's the side-effect/output of such command?

I think there's a chance you are confusing the cert.pem used to manage Tunnels (see https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-useful-terms/#certpem) with the JSON credentials file used to run the Tunnel (see https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-useful-terms/#credentials-file)

[firecow]

This is what I envision the command should do

cloudflared tunnel cred-file <TUNNEL_NAME> # puts 3218372198372198321.json into .cloudflared folder
cat .cloudflared/3218372198372198321.json
{
  "AccountTag":"<CEGOACCOUNTAG>",
  "TunnelSecret":"<REDACTED>",
  "TunnelID":"<thetunnelid>"
}

[nmldiegues]

Oh I see. You'd like to be able to retrieve the secret and re-create the credentials JSON file for an already created Tunnel, with the cert.pem to authenticate that.

That was not possible until recently because we would not store the secret on our end. This has changed in fact, as we now store it (securely).
So this is doable.

[firecow]

Yeah, I saw the "token" addition on api.cloudflare.com under the tunnels section, and thought this feature would be possible.

Reusing our exiting cert.pem secret handling to fetch or create tunnel cred files on demand during deployment would really ease our transition away from legacy tunnel.

👍

[abelinkinbio]

Thanks for submitting this FR. We're planning to discuss this a little more internally and see if we can get this into our next release.

[firecow]

@abelinkinbio That would be awesome, then I'll have our 2 miliion tunnels (kidding!) away from legacy in no time 😄

[nmldiegues]

This is likely going to be available in the next release. Stay tuned.

[firecow]

Thanks for this addition, I'm closing this issue.

[hadifarnoud]

cloudflared tunnel cred-file command no longer exists

[tmonck]

#645 (comment) shows you how to get the creds file