bt-cli 0.4.12__py3-none-any.whl → 0.4.14__py3-none-any.whl

bt_cli/__init__.py

@@ -1,3 +1,3 @@
 """BeyondTrust Unified Admin CLI."""
 
-__version__ = "0.4.12"
+__version__ = "0.4.13"

bt_cli/data/CLAUDE.md

@@ -1,11 +1,11 @@
-# BT-Admin CLI
+# BT-CLI
 
 BeyondTrust Platform CLI for Password Safe, Entitle, PRA, and EPM Windows.
 
 ## Setup
 
 ```bash
-cd /home/admin/entitl-sko/bt-cli
+# From project root
 source .venv/bin/activate && source .env
 bt whoami   # Test all connections
 ```
@@ -62,16 +62,22 @@ PASSWORD=$(bt pws quick checkout -s server -a admin --raw)
 - PWS assets: Must create via workgroup endpoint
 - ECM integration: PWS system name must match PRA jump item name
 
-## Key Reference IDs
+## Functional vs Managed Accounts
 
-| Resource | ID | Notes |
-|----------|-----|-------|
-| PWS Workgroup AWS | 3 | |
-| PWS Workgroup Datacenter | 2 | |
-| PWS Functional Account | 7 | SSH key auth |
-| PRA Jumpoint AWS | 3 | |
-| PRA Jumpoint Datacenter | 2 | |
-| PRA ec2-admin SSH CA | 31 | For EC2 provisioning |
+**Functional accounts** (`bt pws functional`) - Service accounts used BY Password Safe to connect to systems for auto-management (password rotation, discovery). One functional account can manage many systems.
+
+**Managed accounts** (`bt pws accounts`) - User accounts ON systems that Password Safe manages (stores/rotates passwords for). These are what users check out.
+
+```bash
+# List functional accounts to find the right one for your platform
+bt pws functional list
+
+# List workgroups to find the right one
+bt pws workgroups list
+
+# Use functional account when onboarding a system
+bt pws quick onboard -n "server" -i "10.0.1.50" -w <WORKGROUP_ID> -f <FUNC_ACCT_ID> -e "sudo"
+```
 
 ## Project Structure
 

bt_cli/data/skills/bt/SKILL.md

@@ -22,9 +22,10 @@ Before executing any destructive operation:
 
 ## Setup
 
+The CLI should be installed and configured. Test with:
+
 ```bash
-cd /home/admin/entitl-sko/bt-cli
-source .venv/bin/activate && source .env
+bt whoami   # Verify all products are connected
 ```
 
 ## Test All Connections
@@ -47,27 +48,32 @@ bt quick pasm-search web-server -o json
 ### PASM Onboard (PWS + PRA)
 Onboard a host to both Password Safe and PRA in one command.
 
+**First, discover your environment IDs** (see "Discover Environment IDs" below).
+
 ```bash
-# Linux SSH host
-bt quick pasm-onboard -n "my-server" -i "10.0.1.50" -w 3 -j 3 -g 24
+# Linux SSH host (use IDs from your environment)
+bt quick pasm-onboard -n "my-server" -i "10.0.1.50" \
+    -w <workgroup_id> -j <jumpoint_id> -g <jump_group_id>
 
 # Full options
 bt quick pasm-onboard \
     --name "web-01" \
     --ip "10.0.1.100" \
-    --workgroup 3 \
-    --jumpoint 3 \
-    --jump-group 24 \
-    --functional-account 7 \
+    --workgroup <workgroup_id> \
+    --jumpoint <jumpoint_id> \
+    --jump-group <jump_group_id> \
+    --functional-account <func_acct_id> \
     --elevation "sudo" \
-    --pra-username "ec2-admin"
+    --pra-username "admin"
 
 # Windows RDP host
-bt quick pasm-onboard -n "win-srv" -i "10.0.2.10" -w 2 -p 1 -j 3 -g 31 --jump-type rdp --port 3389
+bt quick pasm-onboard -n "win-srv" -i "10.0.2.10" \
+    -w <workgroup_id> -p <platform_id> -j <jumpoint_id> -g <jump_group_id> \
+    --jump-type rdp --port 3389
 
 # Skip one product
-bt quick pasm-onboard -n "pra-only" -i "10.0.1.5" -j 3 -g 24 --skip-pws
-bt quick pasm-onboard -n "pws-only" -i "10.0.1.6" -w 3 --skip-pra
+bt quick pasm-onboard -n "pra-only" -i "10.0.1.5" -j <jumpoint_id> -g <jump_group_id> --skip-pws
+bt quick pasm-onboard -n "pws-only" -i "10.0.1.6" -w <workgroup_id> --skip-pra
 ```
 
 ### PASM Offboard
@@ -78,20 +84,24 @@ bt quick pasm-offboard -n "my-server"
 bt quick pasm-offboard -n "web-01" --force
 ```
 
-## Environment Reference IDs
-
-| Resource | ID | Notes |
-|----------|-----|-------|
-| PWS Workgroup (AWS) | 3 | AWS_Account Workgroup |
-| PWS Workgroup (Datacenter) | 2 | Datacenter_West |
-| PWS Functional Account | 7 | pws-functional SSH key |
-| PWS Platform Linux | 2 | |
-| PWS Platform Windows | 1 | |
-| PRA Jumpoint (AWS) | 3 | AWS Account |
-| PRA Jumpoint (Datacenter) | 2 | Data Center 01 |
-| PRA Vault Account (ec2-admin) | 31 | SSH CA for EC2 |
-| Entitle PRA Integration | bb2a3c79-02a9-45d9-be7f-f209d97cb1d7 | |
-| Entitle Customer Access | 22f4960f-b2ee-435f-9fa2-b82baeca06b2 | Virtual integration |
+## Discover Environment IDs
+
+Use these commands to find the IDs for your environment:
+
+```bash
+# PWS resources
+bt pws workgroups list          # Find workgroup IDs
+bt pws functional list          # Find functional account IDs
+bt pws platforms list           # Find platform IDs
+
+# PRA resources
+bt pra jumpoint list            # Find jumpoint IDs
+bt pra jump-groups list         # Find jump group IDs
+bt pra vault groups list        # Find vault account group IDs
+
+# Entitle resources
+bt entitle integrations list    # Find integration IDs
+```
 
 ## Product-Specific Skills
 

bt_cli/data/skills/entitle/SKILL.md

@@ -25,10 +25,10 @@ bt entitle integrations get <integration_id>
 bt entitle resources list --integration <integration_id>
 bt entitle resources get <resource_id>
 
-# Virtual integration resources
+# Virtual integration resources (use integration ID from `bt entitle integrations list`)
 bt entitle resources create-virtual \
     --name "Customer-05 (Bing7)" \
-    --integration 22f4960f-b2ee-435f-9fa2-b82baeca06b2 \
+    --integration <virtual_integration_id> \
     --source-role-id <role_id> \
     --role-name "Start Session"
 bt entitle resources delete <resource_id>
@@ -101,18 +101,21 @@ bt entitle policies get <policy_id>
 - Or manually trigger sync in Entitle UI: Integrations → PRA → Sync Now
 
 ```bash
-# 1. Trigger PRA sync in Entitle UI (or wait for hourly sync)
+# 1. Find your PRA integration ID
+bt entitle integrations list | grep -i pra
 
-# 2. Find the new PRA resource
-bt entitle resources list --integration bb2a3c79-02a9-45d9-be7f-f209d97cb1d7
+# 2. Trigger PRA sync in Entitle UI (or wait for hourly sync)
 
-# 3. Get "Start Sessions Only" role ID
+# 3. Find the new PRA resource
+bt entitle resources list --integration <pra_integration_id>
+
+# 4. Get "Start Sessions Only" role ID
 bt entitle roles list --resource <pra_resource_id>
 
-# 4. Add to Customer Access virtual integration
+# 5. Add to virtual integration (find ID with `bt entitle integrations list`)
 bt entitle resources create-virtual \
     --name "Customer-05" \
-    --integration 22f4960f-b2ee-435f-9fa2-b82baeca06b2 \
+    --integration <virtual_integration_id> \
     --source-role-id <role_id> \
     --role-name "Start Session"
 ```
@@ -123,13 +126,21 @@ bt entitle resources create-virtual \
 bt entitle permissions list --user "user@example.com" -o json
 ```
 
-## Key IDs
+## Discover IDs
+
+```bash
+# Find integration IDs
+bt entitle integrations list
+
+# Find workflow IDs
+bt entitle workflows list
+
+# Find resource IDs within an integration
+bt entitle resources list --integration <integration_id>
 
-| Resource | ID |
-|----------|-----|
-| PRA Integration | bb2a3c79-02a9-45d9-be7f-f209d97cb1d7 |
-| Customer Access (Virtual) | 22f4960f-b2ee-435f-9fa2-b82baeca06b2 |
-| AWS SandBox | (check `bt entitle integrations list`) |
+# Find role IDs for a resource
+bt entitle roles list --resource <resource_id>
+```
 
 ## Integrations Available
 

bt_cli/data/skills/epmw/SKILL.md

@@ -118,22 +118,21 @@ bt epmw audits requests list
 bt epmw audits requests get <audit_id>
 ```
 
-## Key Groups
-
-| ID | Name | Computers |
-|----|------|-----------|
-| 042267ec-... | Servers - Datacenter1 | CorpMem01, CorpMem02 |
-| 1c8f6310-... | Workstations - Datacenter1 | CorpWS01, CorpWS02 |
-| 67ca23ad-... | Engineering | BenC-Skynet |
-
-## Key Computers
-
-| Host | Domain | Group | Status |
-|------|--------|-------|--------|
-| CorpMem01 | nexusdyn.corp | Servers | Connected |
-| CorpMem02 | nexusdyn.corp | Servers | Connected |
-| CorpWS01 | nexusdyn.corp | Workstations | Connected |
-| CorpWS02 | nexusdyn.corp | Workstations | Connected |
+## Discover IDs
+
+```bash
+# Find group IDs
+bt epmw groups list
+
+# Find computer IDs
+bt epmw computers list
+
+# Find policy IDs
+bt epmw policies list
+
+# Find user IDs
+bt epmw users list
+```
 
 ## API Notes
 

bt_cli/data/skills/pra/SKILL.md

@@ -35,28 +35,28 @@ bt pra quick search admin -o json
 
 ```bash
 bt pra jump-items shell list
-bt pra jump-items shell get 55
+bt pra jump-items shell get <jump_item_id>
 bt pra jump-items shell create \
     --name "web-server-01" \
     --hostname "10.0.1.50" \
-    --jumpoint 3 \
-    --jump-group 24 \
+    --jumpoint <jumpoint_id> \
+    --jump-group <jump_group_id> \
     --protocol ssh \
     --port 22 \
-    --username "ec2-admin"
-bt pra jump-items shell delete 55
+    --username "admin"
+bt pra jump-items shell delete <jump_item_id>
 ```
 
 ### RDP Jump
 
 ```bash
 bt pra jump-items rdp list
-bt pra jump-items rdp get 1
+bt pra jump-items rdp get <jump_item_id>
 bt pra jump-items rdp create \
     --name "win-server-01" \
     --hostname "10.0.2.10" \
-    --jumpoint 3 \
-    --jump-group 31 \
+    --jumpoint <jumpoint_id> \
+    --jump-group <jump_group_id> \
     --port 3389
 ```
 
@@ -67,8 +67,8 @@ bt pra jump-items tunnel list
 bt pra jump-items tunnel create \
     --name "production-k8s" \
     --hostname "k8s-api.example.com" \
-    --jumpoint 3 \
-    --jump-group 24 \
+    --jumpoint <jumpoint_id> \
+    --jump-group <jump_group_id> \
     --type k8s \
     --url "https://k8s-api.example.com:6443" \
     --ca-cert "$(cat /path/to/ca.crt)"
@@ -78,25 +78,25 @@ bt pra jump-items tunnel create \
 
 ```bash
 bt pra jump-groups list
-bt pra jump-groups get 24
+bt pra jump-groups get <group_id>
 bt pra jump-groups create \
-    --name "Customer-05 (Bing7)" \
-    --code-name bing7 \
-    --comments "Demo customer"
-bt pra jump-groups delete 30
+    --name "Customer-05" \
+    --code-name customer05 \
+    --comments "New customer environment"
+bt pra jump-groups delete <group_id>
 ```
 
 ## Vault Accounts
 
 ```bash
 bt pra vault accounts list
-bt pra vault accounts get 6
-bt pra vault accounts checkout 6
-bt pra vault accounts checkin 6
-bt pra vault accounts rotate 6
+bt pra vault accounts get <account_id>
+bt pra vault accounts checkout <account_id>
+bt pra vault accounts checkin <account_id>
+bt pra vault accounts rotate <account_id>
 
 # SSH CA - get public key for provisioning
-bt pra vault accounts get-public-key 31
+bt pra vault accounts get-public-key <ssh_ca_account_id>
 ```
 
 ## SSH CA Authentication
@@ -104,21 +104,18 @@ bt pra vault accounts get-public-key 31
 PRA supports SSH CA for ephemeral access - no static keys on hosts.
 
 ```bash
+# Find SSH CA vault accounts
+bt pra vault accounts list | grep -i ssh
+
 # Get CA public key (ready for authorized_keys)
-bt pra vault accounts get-public-key 31
+bt pra vault accounts get-public-key <ssh_ca_account_id>
 # Output: cert-authority ssh-rsa AAAAB3NzaC1yc2E...
 
 # Provision EC2 with SSH CA
-PRA_CA_KEY=$(bt pra vault accounts get-public-key 31)
+PRA_CA_KEY=$(bt pra vault accounts get-public-key <ssh_ca_account_id>)
 # Embed in user-data script for EC2
 ```
 
-**SSH CA Vault Accounts:**
-| ID | Name | Username |
-|----|------|----------|
-| 3 | Ephemeral Admin SSH CA | admin-ephemeral |
-| 31 | ec2-admin | ec2-admin |
-
 ## CSV Import/Export
 
 ```bash
@@ -128,17 +125,21 @@ bt pra import jump-items --file jump-items.csv --dry-run
 bt pra import jump-items --file jump-items.csv
 ```
 
-## Key IDs
-
-| Resource | ID |
-|----------|-----|
-| Jumpoint: Data Center 01 | 2 |
-| Jumpoint: AWS Account | 3 |
-| Jump Group: Datacenter 01 (West) | 1 |
-| Jump Group: Customer-01 (Axion) | 24 |
-| Jump Group: Customer-02 (Meridian) | 25 |
-| Jump Group: Cloud Containers | 26 |
-| Vault: ec2-admin (SSH CA) | 31 |
+## Discover IDs
+
+```bash
+# Find jumpoint IDs
+bt pra jumpoint list
+
+# Find jump group IDs
+bt pra jump-groups list
+
+# Find vault account IDs
+bt pra vault accounts list
+
+# Find vault account group IDs
+bt pra vault groups list
+```
 
 ## API Notes
 

bt_cli/data/skills/pws/SKILL.md

@@ -39,8 +39,9 @@ bt pws quick search root -o json
 bt pws quick rotate -s "axion-finapp-01" -a "root"
 
 # Onboard system (asset + system + account)
-bt pws quick onboard -n "my-server" -i "10.0.1.50" -w 3
-bt pws quick onboard -n "web-01" -i "10.0.1.100" -w 3 -f 7 -e "sudo"
+# First find your workgroup and functional account IDs (see "Discover IDs" below)
+bt pws quick onboard -n "my-server" -i "10.0.1.50" -w <workgroup_id>
+bt pws quick onboard -n "web-01" -i "10.0.1.100" -w <workgroup_id> -f <func_acct_id> -e "sudo"
 
 # Offboard system
 bt pws quick offboard -s "my-server"
@@ -52,15 +53,15 @@ bt pws quick offboard -s "web-01" --force
 ```bash
 # List systems
 bt pws systems list
-bt pws systems list --workgroup 3
+bt pws systems list --workgroup <workgroup_id>
 bt pws systems list -o json
 
 # Get system details
-bt pws systems get 22
+bt pws systems get <system_id>
 
 # List accounts on a system
-bt pws accounts list --system 22
-bt pws accounts get 45
+bt pws accounts list --system <system_id>
+bt pws accounts get <account_id>
 ```
 
 ## Secrets Safe
@@ -128,13 +129,13 @@ bt pws quick user-entitlements dave
 
 ```bash
 # 1. Find system
-bt pws systems list -o json | jq '.[] | select(.SystemName=="axion-finapp-01")'
+bt pws systems list -o json | jq '.[] | select(.SystemName=="my-server")'
 
 # 2. Find account
-bt pws accounts list --system 22
+bt pws accounts list --system <system_id>
 
 # 3. Checkout
-bt pws credentials checkout --system "axion-finapp-01" --account "root"
+bt pws credentials checkout --system "my-server" --account "root"
 
 # 4. Get password
 bt pws credentials show <request_id>
@@ -158,18 +159,18 @@ bt pws import systems --file systems.csv
 bt pws import secrets --file secrets.csv
 ```
 
-## Key IDs
+## Discover IDs
 
-| Resource | ID |
-|----------|-----|
-| Workgroup: Default | 1 |
-| Workgroup: Datacenter_West | 2 |
-| Workgroup: AWS_Account | 3 |
-| Platform: Windows | 1 |
-| Platform: Linux | 2 |
-| Platform: MySQL | 10 |
-| Platform: PostgreSQL | 79 |
-| Functional Account | 7 |
+```bash
+# Find workgroup IDs
+bt pws workgroups list
+
+# Find platform IDs
+bt pws platforms list
+
+# Find functional account IDs (for auto-management)
+bt pws functional list
+```
 
 ## EC2 Systems in AWS
 
@@ -179,7 +180,7 @@ When onboarding EC2 instances to Password Safe, use the **internal AWS DNS name*
 # Use internal DNS for EC2 systems
 bt pws quick onboard -n "web-prod-01" \
     -i "ip-10-0-12-45.us-east-1.compute.internal" \
-    -w 3 -f 7
+    -w <workgroup_id> -f <func_acct_id>
 
 # Or set DNS separately
 bt pws systems update <system_id> --dns "ip-10-0-12-45.us-east-1.compute.internal"

bt_cli/epmw/commands/policies.py

@@ -288,15 +288,29 @@ def revert_policy(
 @app.command("download")
 def download_policy(
     policy_id: str = typer.Argument(..., help="Policy ID (UUID)"),
+    file: Optional[str] = typer.Option(None, "--file", "-f", help="Save to file instead of stdout"),
 ):
-    """Download policy content (XML format)."""
+    """Download policy content (XML format).
+
+    Examples:
+        bt epmw policies download <policy_id>
+        bt epmw policies download <policy_id> --file policy.xml
+        bt epmw policies download <policy_id> > policy.xml
+    """
     from bt_cli.epmw.client import get_client
 
     try:
         client = get_client()
         content = client.download_policy(policy_id)
-        # Policy content is XML
-        typer.echo(content)
+
+        if file:
+            # Write to file
+            with open(file, "w", encoding="utf-8") as f:
+                f.write(content)
+            print_success(f"Policy saved to: {file}")
+        else:
+            # Output to stdout
+            typer.echo(content)
     except httpx.HTTPStatusError as e:
         print_api_error(e, "download policy")
         raise typer.Exit(1)

bt_cli/pws/commands/import_export.py

@@ -16,10 +16,10 @@ import_app = typer.Typer(no_args_is_help=True, help="Import resources from CSV f
 export_app = typer.Typer(no_args_is_help=True, help="Export sample CSV templates")
 console = Console()
 
-# Column definitions for CSV formats
+# Column definitions for CSV formats - using NAMES not IDs for readability
 SYSTEMS_COLUMNS = [
-    "name", "ip_address", "workgroup_id", "platform_id", "port",
-    "functional_account_id", "elevation_command", "auto_manage",
+    "system_name", "ip_address", "workgroup", "platform", "port",
+    "functional_account", "elevation_command", "auto_manage",
     "account_name", "account_password", "account_description"
 ]
 
@@ -27,31 +27,36 @@ SECRETS_COLUMNS = [
     "folder_path", "title", "username", "password", "description", "notes"
 ]
 
-# Sample data for templates
+# Sample data for templates - uses names that will be resolved to IDs
+# NOTE: account_password only required if auto_manage=false
+#       If auto_manage=true with functional_account, PWS rotates password automatically
 SYSTEMS_SAMPLE = [
     {
-        "name": "web-server-01", "ip_address": "10.0.1.50", "workgroup_id": "3",
-        "platform_id": "2", "port": "22", "functional_account_id": "7",
+        "system_name": "linux-managed-01", "ip_address": "10.0.1.50",
+        "workgroup": "Default",  # Use workgroup NAME (run: bt pws workgroups list)
+        "platform": "Linux SSH",  # Use platform NAME (run: bt pws platforms list)
+        "port": "22",
+        "functional_account": "Linux - Local",  # FA DisplayName (run: bt pws functional list)
         "elevation_command": "sudo", "auto_manage": "true",
-        "account_name": "root", "account_password": "", "account_description": "Root account"
+        "account_name": "root", "account_password": "", "account_description": "Auto-managed root"
     },
     {
-        "name": "web-server-01", "ip_address": "10.0.1.50", "workgroup_id": "3",
-        "platform_id": "2", "port": "22", "functional_account_id": "7",
-        "elevation_command": "sudo", "auto_manage": "true",
-        "account_name": "svc-backup", "account_password": "Backup#2026!", "account_description": "Backup service"
+        "system_name": "linux-managed-01", "ip_address": "10.0.1.50",
+        "workgroup": "Default", "platform": "Linux SSH", "port": "22",
+        "functional_account": "Linux - Local", "elevation_command": "sudo", "auto_manage": "true",
+        "account_name": "appuser", "account_password": "", "account_description": "Auto-managed app account"
     },
     {
-        "name": "db-server-01", "ip_address": "10.0.1.60", "workgroup_id": "3",
-        "platform_id": "2", "port": "22", "functional_account_id": "7",
-        "elevation_command": "sudo", "auto_manage": "true",
-        "account_name": "postgres", "account_password": "", "account_description": "Database admin"
+        "system_name": "linux-manual-01", "ip_address": "10.0.1.60",
+        "workgroup": "Default", "platform": "Linux SSH", "port": "22",
+        "functional_account": "", "elevation_command": "", "auto_manage": "false",
+        "account_name": "dbadmin", "account_password": "InitialP@ss123!", "account_description": "Manual - password required"
     },
     {
-        "name": "win-server-01", "ip_address": "10.0.2.10", "workgroup_id": "2",
-        "platform_id": "1", "port": "5985", "functional_account_id": "",
-        "elevation_command": "", "auto_manage": "false",
-        "account_name": "Administrator", "account_password": "InitialPass123!", "account_description": "Local admin"
+        "system_name": "win-manual-01", "ip_address": "10.0.2.10",
+        "workgroup": "Default", "platform": "Windows", "port": "5985",
+        "functional_account": "", "elevation_command": "", "auto_manage": "false",
+        "account_name": "Administrator", "account_password": "WinP@ss456!", "account_description": "Manual - password required"
     },
 ]
 
@@ -74,25 +79,89 @@ SECRETS_SAMPLE = [
 ]
 
 
+def _resolve_name_to_id(name: str, lookup: dict, resource_type: str) -> Optional[int]:
+    """Resolve a name to ID using case-insensitive partial matching."""
+    if not name:
+        return None
+
+    # Try exact match first (case-insensitive)
+    name_lower = name.lower().strip()
+    for key, value in lookup.items():
+        if key.lower() == name_lower:
+            return value
+
+    # Try partial match (name contains search term)
+    for key, value in lookup.items():
+        if name_lower in key.lower():
+            return value
+
+    return None
+
+
+def _build_folder_path_map(safes: list, folders: list) -> dict[str, str]:
+    """Build a map of folder paths to folder IDs.
+
+    Safes are top-level containers, folders can be nested.
+    Returns a dict like {"SafeName/FolderName": "folder-guid", ...}
+    """
+    # Build ID -> object lookups
+    safe_by_id = {s.get("Id"): s for s in safes}
+    folder_by_id = {f.get("Id"): f for f in folders}
+
+    # Build path for each folder
+    path_map: dict[str, str] = {}
+
+    def get_path(folder_id: str) -> str:
+        """Recursively build path for a folder."""
+        if folder_id in safe_by_id:
+            # It's a safe (top-level)
+            return safe_by_id[folder_id].get("Name", "")
+
+        folder = folder_by_id.get(folder_id)
+        if not folder:
+            return ""
+
+        parent_id = folder.get("ParentId")
+        folder_name = folder.get("Name", "")
+
+        if parent_id:
+            parent_path = get_path(parent_id)
+            if parent_path:
+                return f"{parent_path}/{folder_name}"
+
+        return folder_name
+
+    # Map all folders
+    for folder in folders:
+        folder_id = folder.get("Id")
+        path = get_path(folder_id)
+        if path:
+            path_map[path.lower()] = folder_id
+
+    return path_map
+
+
 @import_app.command("systems")
 def import_systems(
     file: str = typer.Option(..., "--file", "-f", help="CSV file path"),
     dry_run: bool = typer.Option(False, "--dry-run", help="Validate without creating"),
-    workgroup: Optional[int] = typer.Option(None, "--workgroup", "-w", help="Override workgroup ID for all rows"),
+    workgroup_override: Optional[str] = typer.Option(None, "--workgroup", "-w", help="Override workgroup for all rows (name or ID)"),
 ) -> None:
     """Import managed systems and accounts from CSV.
 
     Each row creates a system + account. Multiple accounts per system use
     multiple rows with the same system name (system is created only once).
 
-    Required columns: name, ip_address, workgroup_id, account_name
-    Optional: platform_id, port, functional_account_id, elevation_command,
+    Uses NAMES for workgroup, platform, functional_account - resolved to IDs automatically.
+
+    Required columns: system_name, ip_address, workgroup, account_name
+    Optional: platform, port, functional_account, elevation_command,
               auto_manage, account_password, account_description
 
     Examples:
         bt pws import systems --file systems.csv --dry-run
         bt pws import systems --file systems.csv
-        bt pws import systems --file systems.csv --workgroup 3
+        bt pws import systems --file systems.csv --workgroup "Default"
     """
     try:
         rows = read_csv(file)
@@ -102,73 +171,148 @@ def import_systems(
 
         console.print(f"[dim]Read {len(rows)} rows from {file}[/dim]")
 
-        # Validate all rows first
-        errors = []
-        required = ["name", "ip_address", "account_name"]
-        if not workgroup:
-            required.append("workgroup_id")
-
-        for i, row in enumerate(rows, 1):
-            row_errors = validate_required_fields(row, required, i)
-            errors.extend(row_errors)
-
-        if errors:
-            print_error("Validation errors:")
-            for err in errors[:20]:
-                console.print(f"  [red]{err}[/red]")
-            if len(errors) > 20:
-                console.print(f"  [red]... and {len(errors) - 20} more errors[/red]")
-            raise typer.Exit(1)
-
-        # Group rows by system name
-        systems_rows: dict[str, list[dict]] = {}
-        for row in rows:
-            name = row["name"].strip()
-            if name not in systems_rows:
-                systems_rows[name] = []
-            systems_rows[name].append(row)
-
-        console.print(f"[dim]Found {len(systems_rows)} unique systems with {len(rows)} total accounts[/dim]")
-
-        if dry_run:
-            console.print("\n[yellow]DRY RUN - No changes will be made[/yellow]\n")
-            table = Table(title="Systems to Create")
-            table.add_column("System", style="green")
-            table.add_column("IP", style="cyan")
-            table.add_column("Workgroup", style="yellow")
-            table.add_column("Platform", style="magenta")
-            table.add_column("Accounts", style="blue")
-
-            for name, sys_rows in systems_rows.items():
-                first = sys_rows[0]
-                wg = workgroup or parse_int(first.get("workgroup_id", ""))
-                accounts = ", ".join(r["account_name"] for r in sys_rows)
-                table.add_row(
-                    name,
-                    first.get("ip_address", ""),
-                    str(wg),
-                    first.get("platform_id", "2"),
-                    accounts
-                )
-
-            console.print(table)
-            console.print(f"\n[dim]Would create {len(systems_rows)} systems with {len(rows)} accounts[/dim]")
-            return
-
-        # Actually import
+        # Connect and build lookup tables for name resolution
         with get_client() as client:
             client.authenticate()
 
+            console.print("[dim]Loading workgroups, platforms, functional accounts...[/dim]")
+
+            # Build name -> ID lookup tables
+            workgroups = client.list_workgroups()
+            workgroup_lookup = {w.get("Name", ""): w.get("ID") for w in workgroups}
+
+            platforms = client.list_platforms()
+            platform_lookup = {p.get("Name", ""): p.get("PlatformID") for p in platforms}
+
+            func_accounts = client.list_functional_accounts()
+            # Use DisplayName as the primary lookup key, also add AccountName as fallback
+            func_acct_lookup = {}
+            for f in func_accounts:
+                fa_id = f.get("FunctionalAccountID")
+                # Primary: DisplayName (e.g., "Linux - Local")
+                if f.get("DisplayName"):
+                    func_acct_lookup[f["DisplayName"]] = fa_id
+                # Fallback: AccountName (e.g., "svc_passwordsafe")
+                if f.get("AccountName"):
+                    func_acct_lookup[f["AccountName"]] = fa_id
+
+            # Resolve workgroup override
+            wg_override_id = None
+            if workgroup_override:
+                # Try as ID first
+                try:
+                    wg_override_id = int(workgroup_override)
+                except ValueError:
+                    wg_override_id = _resolve_name_to_id(workgroup_override, workgroup_lookup, "workgroup")
+                    if not wg_override_id:
+                        print_error(f"Workgroup not found: {workgroup_override}")
+                        console.print("[dim]Available workgroups:[/dim]")
+                        for name in workgroup_lookup.keys():
+                            console.print(f"  - {name}")
+                        raise typer.Exit(1)
+
+            # Validate all rows first
+            errors = []
+            # Support both old column names (backward compat) and new names
+            name_col = "system_name" if "system_name" in rows[0] else "name"
+            wg_col = "workgroup" if "workgroup" in rows[0] else "workgroup_id"
+
+            required = [name_col, "ip_address", "account_name"]
+            if not wg_override_id:
+                required.append(wg_col)
+
+            for i, row in enumerate(rows, 1):
+                row_errors = validate_required_fields(row, required, i)
+                errors.extend(row_errors)
+
+            if errors:
+                print_error("Validation errors:")
+                for err in errors[:20]:
+                    console.print(f"  [red]{err}[/red]")
+                if len(errors) > 20:
+                    console.print(f"  [red]... and {len(errors) - 20} more errors[/red]")
+                raise typer.Exit(1)
+
+            # Group rows by system name
+            systems_rows: dict[str, list[dict]] = {}
+            for row in rows:
+                name = row.get(name_col, "").strip()
+                if name not in systems_rows:
+                    systems_rows[name] = []
+                systems_rows[name].append(row)
+
+            console.print(f"[dim]Found {len(systems_rows)} unique systems with {len(rows)} total accounts[/dim]")
+
+            if dry_run:
+                console.print("\n[yellow]DRY RUN - No changes will be made[/yellow]\n")
+                table = Table(title="Systems to Create")
+                table.add_column("System", style="green")
+                table.add_column("IP", style="cyan")
+                table.add_column("Workgroup", style="yellow")
+                table.add_column("Platform", style="magenta")
+                table.add_column("Accounts", style="blue")
+
+                for name, sys_rows in systems_rows.items():
+                    first = sys_rows[0]
+                    wg_name = first.get(wg_col, "")
+                    plat_name = first.get("platform", first.get("platform_id", "Linux"))
+                    accounts = ", ".join(r["account_name"] for r in sys_rows)
+                    table.add_row(name, first.get("ip_address", ""), wg_name, plat_name, accounts)
+
+                console.print(table)
+                console.print(f"\n[dim]Would create {len(systems_rows)} systems with {len(rows)} accounts[/dim]")
+                return
+
+            # Actually import
             created_systems = 0
             created_accounts = 0
-            system_ids: dict[str, int] = {}  # Map system name to ID
+            system_ids: dict[str, int] = {}
 
             for name, sys_rows in systems_rows.items():
                 first = sys_rows[0]
-                wg_id = workgroup or parse_int(first.get("workgroup_id", ""))
+
+                # Resolve workgroup
+                if wg_override_id:
+                    wg_id = wg_override_id
+                else:
+                    wg_val = first.get(wg_col, "").strip()
+                    try:
+                        wg_id = int(wg_val)
+                    except ValueError:
+                        wg_id = _resolve_name_to_id(wg_val, workgroup_lookup, "workgroup")
 
                 if not wg_id:
-                    print_warning(f"Skipping {name}: No workgroup ID")
+                    print_warning(f"Skipping {name}: Could not resolve workgroup '{first.get(wg_col, '')}'")
+                    continue
+
+                # Resolve platform
+                plat_val = first.get("platform", first.get("platform_id", "")).strip()
+                try:
+                    platform_id = int(plat_val) if plat_val else 2
+                except ValueError:
+                    platform_id = _resolve_name_to_id(plat_val, platform_lookup, "platform") or 2
+
+                # Resolve functional account
+                func_val = first.get("functional_account", first.get("functional_account_id", "")).strip()
+                func_acct_id = None
+                if func_val:
+                    try:
+                        func_acct_id = int(func_val)
+                    except ValueError:
+                        func_acct_id = _resolve_name_to_id(func_val, func_acct_lookup, "functional account")
+
+                # Get auto_manage flag early for validation
+                auto_manage = parse_bool(first.get("auto_manage", ""))
+
+                # Validate auto_manage + functional account combination
+                if auto_manage and func_val and not func_acct_id:
+                    print_warning(f"Skipping {name}: auto_manage=true but functional account '{func_val}' not found")
+                    console.print("[dim]Available functional accounts:[/dim]")
+                    for fa_name in func_acct_lookup.keys():
+                        console.print(f"  - {fa_name}")
+                    continue
+                if auto_manage and not func_val:
+                    print_warning(f"Skipping {name}: auto_manage=true requires a functional_account")
                     continue
 
                 try:
@@ -183,10 +327,7 @@ def import_systems(
 
                     # Create managed system
                     console.print(f"[dim]Creating managed system '{name}'...[/dim]")
-                    platform_id = parse_int(first.get("platform_id", ""), 2)
                     port = parse_int(first.get("port", ""), 22)
-                    func_acct = parse_int(first.get("functional_account_id", ""))
-                    auto_manage = parse_bool(first.get("auto_manage", ""))
                     elevation = first.get("elevation_command", "").strip() or None
 
                     system = client.create_managed_system(
@@ -194,8 +335,8 @@ def import_systems(
                         platform_id=platform_id,
                         asset_id=asset_id,
                         port=port,
-                        functional_account_id=func_acct,
-                        auto_management_flag=auto_manage if func_acct else False,
+                        functional_account_id=func_acct_id,
+                        auto_management_flag=auto_manage if func_acct_id else False,
                         elevation_command=elevation,
                     )
                     system_id = system.get("ManagedSystemID")
@@ -214,7 +355,7 @@ def import_systems(
                             system_id=system_id,
                             account_name=account_name,
                             password=password,
-                            auto_management_flag=auto_manage if func_acct else False,
+                            auto_management_flag=auto_manage if func_acct_id else False,
                         )
                         account_id = account.get("ManagedAccountID")
                         created_accounts += 1
@@ -301,13 +442,11 @@ def import_secrets(
         with get_client() as client:
             client.authenticate()
 
-            # Get all folders to map paths to IDs
+            # Build folder path -> ID map from safes and folders
+            console.print("[dim]Loading safes and folders...[/dim]")
+            safes = client.list_safes()
             all_folders = client.list_folders()
-            folder_map: dict[str, int] = {}
-            for f in all_folders:
-                path = f.get("FolderPath", "") or f.get("Name", "")
-                if path:
-                    folder_map[path.lower()] = f.get("Id")
+            folder_map = _build_folder_path_map(safes, all_folders)
 
             created = 0
             for row in rows:
@@ -318,6 +457,11 @@ def import_secrets(
                 folder_id = folder_map.get(folder_path.lower())
                 if not folder_id:
                     print_warning(f"Folder not found: {folder_path}, skipping {title}")
+                    console.print("[dim]Available folder paths:[/dim]")
+                    for path in sorted(folder_map.keys())[:10]:
+                        console.print(f"  - {path}")
+                    if len(folder_map) > 10:
+                        console.print(f"  ... and {len(folder_map) - 10} more")
                     continue
 
                 try:
@@ -355,22 +499,46 @@ def export_systems(
     file: str = typer.Option("pws-systems-template.csv", "--file", "-f", help="Output file path"),
     sample: bool = typer.Option(True, "--sample/--no-sample", help="Export sample template (default) or current data"),
 ) -> None:
-    """Export sample systems CSV template.
+    """Export systems CSV template or current data.
+
+    Uses human-readable NAMES for workgroup, platform, functional_account.
 
     Examples:
         bt pws export systems --file systems-template.csv
-        bt pws export systems --file systems-template.csv --sample
+        bt pws export systems --file current-systems.csv --no-sample
     """
     try:
         if sample:
             write_csv(file, SYSTEMS_SAMPLE, SYSTEMS_COLUMNS)
             print_success(f"Sample systems template exported to: {file}")
             console.print(f"[dim]Contains {len(SYSTEMS_SAMPLE)} example rows[/dim]")
+            console.print("\n[dim]Column descriptions:[/dim]")
+            console.print("  system_name        - Unique name for the managed system")
+            console.print("  ip_address         - IP or hostname")
+            console.print("  workgroup          - Workgroup NAME (run: bt pws workgroups list)")
+            console.print("  platform           - Platform NAME, partial match OK (run: bt pws platforms list)")
+            console.print("  port               - Connection port (22 for SSH, 5985 for WinRM)")
+            console.print("  functional_account - Functional account NAME for auto-management (bt pws functional list)")
+            console.print("  elevation_command  - 'sudo' or other elevation command (optional)")
+            console.print("  auto_manage        - true=PWS rotates password, false=manual management")
+            console.print("  account_name       - Account username to manage")
+            console.print("  account_password   - Required if auto_manage=false, empty if auto_manage=true")
+            console.print("  account_description- Description for the account")
         else:
-            # Export actual data from API
+            # Export actual data from API with names resolved
             with get_client() as client:
                 client.authenticate()
 
+                # Build ID -> name lookup tables
+                workgroups = client.list_workgroups()
+                wg_names = {w.get("ID"): w.get("Name", "") for w in workgroups}
+
+                platforms = client.list_platforms()
+                plat_names = {p.get("PlatformID"): p.get("Name", "") for p in platforms}
+
+                func_accounts = client.list_functional_accounts()
+                func_names = {f.get("FunctionalAccountID"): f.get("FunctionalAccountName", "") for f in func_accounts}
+
                 systems = client.list_managed_systems()
                 rows = []
 
@@ -378,14 +546,18 @@ def export_systems(
                     system_id = sys.get("ManagedSystemID")
                     accounts = client.list_managed_accounts(system_id=system_id)
 
+                    wg_id = sys.get("WorkgroupID")
+                    plat_id = sys.get("PlatformID")
+                    func_id = sys.get("FunctionalAccountID")
+
                     for acc in accounts:
                         rows.append({
-                            "name": sys.get("SystemName", ""),
+                            "system_name": sys.get("SystemName", ""),
                             "ip_address": sys.get("IPAddress", ""),
-                            "workgroup_id": str(sys.get("WorkgroupID", "")),
-                            "platform_id": str(sys.get("PlatformID", "")),
+                            "workgroup": wg_names.get(wg_id, str(wg_id or "")),
+                            "platform": plat_names.get(plat_id, str(plat_id or "")),
                             "port": str(sys.get("Port", "")),
-                            "functional_account_id": str(sys.get("FunctionalAccountID", "") or ""),
+                            "functional_account": func_names.get(func_id, "") if func_id else "",
                             "elevation_command": sys.get("ElevationCommand", "") or "",
                             "auto_manage": "true" if sys.get("AutoManagementFlag") else "false",
                             "account_name": acc.get("AccountName", ""),
@@ -419,22 +591,25 @@ def export_secrets(
             write_csv(file, SECRETS_SAMPLE, SECRETS_COLUMNS)
             print_success(f"Sample secrets template exported to: {file}")
             console.print(f"[dim]Contains {len(SECRETS_SAMPLE)} example rows[/dim]")
+            console.print("\n[dim]Column descriptions:[/dim]")
+            console.print("  folder_path  - Full path: SafeName/FolderName (run: bt pws secrets folders list)")
+            console.print("  title        - Unique title for the secret")
+            console.print("  username     - Username/identifier (optional)")
+            console.print("  password     - Password/secret value")
+            console.print("  description  - Description of the secret")
+            console.print("  notes        - Additional notes (can be JSON)")
         else:
             # Export actual data from API
             with get_client() as client:
                 client.authenticate()
 
                 secrets = client.list_secrets()
-                folders = client.list_folders()
-
-                # Map folder IDs to paths
-                folder_paths = {f.get("Id"): f.get("FolderPath", "") or f.get("Name", "") for f in folders}
 
                 rows = []
                 for s in secrets:
-                    folder_id = s.get("FolderId")
+                    # Secrets have FolderPath directly (e.g., "SafeName/FolderName")
                     rows.append({
-                        "folder_path": folder_paths.get(folder_id, ""),
+                        "folder_path": s.get("FolderPath", "") or s.get("Folder", ""),
                         "title": s.get("Title", ""),
                         "username": s.get("Username", "") or "",
                         "password": "",  # Don't export passwords

bt_cli/pws/commands/secrets.py

@@ -568,7 +568,7 @@ def print_secrets_table(secrets: list[dict], title: str = "Secrets") -> None:
     table.add_column("ID", style="cyan", no_wrap=True, max_width=36)
     table.add_column("Title", style="green")
     table.add_column("Username", style="yellow")
-    table.add_column("Folder", style="blue")
+    table.add_column("Folder Path", style="blue")
     table.add_column("Modified", style="dim")
 
     for secret in secrets:
@@ -576,7 +576,7 @@ def print_secrets_table(secrets: list[dict], title: str = "Secrets") -> None:
             secret.get("Id", "")[:36],
             secret.get("Title", ""),
             secret.get("Username", "-"),
-            secret.get("Folder", secret.get("FolderPath", "-")),
+            secret.get("FolderPath", secret.get("Folder", "-")),
             str(secret.get("ModifiedOn", "-"))[:19],
         )
 
@@ -653,7 +653,7 @@ def get_secret(
                 console.print(f"  Password: {secret.get('Password', '-')}")
             else:
                 console.print("  Password: ********")
-            console.print(f"  Folder: {secret.get('Folder', secret.get('FolderPath', '-'))}")
+            console.print(f"  Folder Path: {secret.get('FolderPath', secret.get('Folder', '-'))}")
             console.print(f"  Description: {secret.get('Description', '-') or '-'}")
             if secret.get("Notes"):
                 console.print(f"  Notes: {secret.get('Notes')}")
@@ -961,7 +961,7 @@ def get_text_secret(
         else:
             console.print(f"\n[bold cyan]Text Secret: {secret.get('Title', 'Unknown')}[/bold cyan]\n")
             console.print(f"  ID: {secret.get('Id', 'N/A')}")
-            console.print(f"  Folder: {secret.get('Folder', secret.get('FolderPath', '-'))}")
+            console.print(f"  Folder Path: {secret.get('FolderPath', secret.get('Folder', '-'))}")
             console.print(f"  Description: {secret.get('Description', '-') or '-'}")
             if show_text:
                 console.print(f"  Text Content:\n{secret.get('Password', '-')}")
@@ -1065,7 +1065,7 @@ def get_file_secret(
             console.print(f"\n[bold cyan]File Secret: {secret.get('Title', 'Unknown')}[/bold cyan]\n")
             console.print(f"  ID: {secret.get('Id', 'N/A')}")
             console.print(f"  FileName: {secret.get('FileName', '-')}")
-            console.print(f"  Folder: {secret.get('Folder', secret.get('FolderPath', '-'))}")
+            console.print(f"  Folder Path: {secret.get('FolderPath', secret.get('Folder', '-'))}")
             console.print(f"  Description: {secret.get('Description', '-') or '-'}")
             console.print(f"  Created: {secret.get('CreatedOn', '-')}")
             console.print(f"  Modified: {secret.get('ModifiedOn', '-')}")

{bt_cli-0.4.12.dist-info → bt_cli-0.4.14.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: bt-cli
-Version: 0.4.12
+Version: 0.4.14
 Summary: BeyondTrust Platform CLI (unofficial) - Password Safe, Entitle, PRA, EPM
 Author-email: Dave Grendysz <dgrendysz@beyondtrust.com>
 License: MIT

{bt_cli-0.4.12.dist-info → bt_cli-0.4.14.dist-info}/RECORD

@@ -1,4 +1,4 @@
-bt_cli/__init__.py,sha256=Vx-1AZjCFkmnQmwbnX-8YebWHOTk6RvdrT7gxkVn404,61
+bt_cli/__init__.py,sha256=2Ec_fVFIfrTcwoI2dlXG3AashEKBkbaNUp9YUdyZiOw,61
 bt_cli/cli.py,sha256=-V7Q_DcP7Ryw-mRBLMyj-iwlFpof8_eLgFAx-fN5seM,29640
 bt_cli/commands/__init__.py,sha256=Wrf3ZV1sf7JCilbv93VqoWWTyj0d-y4saAaVFD5apU8,38
 bt_cli/commands/configure.py,sha256=f3tn09eRDqlGQIq1gpuxj984S4CARYbmKI4XrqxPAAM,14270
@@ -14,13 +14,13 @@ bt_cli/core/errors.py,sha256=-LWipqdn8w-FMAC1W1jFbTMAlooiJqmyuR5j1VWMPyM,8783
 bt_cli/core/output.py,sha256=ACazDf3XAfJhAlns5fh6bQXkRIIGlBFuq1z2M-IBrwQ,5156
 bt_cli/core/prompts.py,sha256=VeB8on5VN_D_4r85rJBO6AP_yHJUxBVwWqwZHCoOiqs,2387
 bt_cli/core/rest_debug.py,sha256=7KsqsrsPXUqaYLePjZbwnoqMcg5ivJgYGS35ygaeLfM,5973
-bt_cli/data/CLAUDE.md,sha256=I0ZvD4x_N20QTNF9-R66nwdWMqtXlquQ-fLz3fZfgew,2829
+bt_cli/data/CLAUDE.md,sha256=3Y_afs1RGTKLkn4Vr9wMKiReIr4EEtBdjFrqSs2NymQ,3228
 bt_cli/data/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-bt_cli/data/skills/bt/SKILL.md,sha256=fIbkCkM7mwbFhty_FpGbYQq4Ah8fU5fZVVwvqMi1XR4,2808
-bt_cli/data/skills/entitle/SKILL.md,sha256=n2RifQl-RwRoPW341w7VKxGIDYjZ9HEbZvJ52ap6RQk,4215
-bt_cli/data/skills/epmw/SKILL.md,sha256=WMz6FlqfSwVFmiF7W_p3SypQnKq0kS5elhTqa8z06cU,3902
-bt_cli/data/skills/pra/SKILL.md,sha256=SvbTgwYofb1xJ4Up_Jqrcm6ddQiDugmoWDvvjuTr6CM,3693
-bt_cli/data/skills/pws/SKILL.md,sha256=zWKttbIL-UeOLe2iCBQS6CXLcAu_9K4SofuAaqTDlQc,5298
+bt_cli/data/skills/bt/SKILL.md,sha256=DZTvRtSYjiDxDbg7WTpgklYs5Dn-2Z-9w3X8RQJbGNo,3077
+bt_cli/data/skills/entitle/SKILL.md,sha256=yOHP9U_1vKh1yLmrAqKl4rNo16n4f3hia0xj_ZJRRYM,4413
+bt_cli/data/skills/epmw/SKILL.md,sha256=brfIXR9MnB5_FwRa-SyX1TwqVRyefgtr2foQfErpVVA,3541
+bt_cli/data/skills/pra/SKILL.md,sha256=-LTUJvjvLvZn0rMmy0KOeEBtUsotjbHvXX3RCk7mDBw,3749
+bt_cli/data/skills/pws/SKILL.md,sha256=lrOIN06hVrbHfph5rdu78W5N4UKzjrjuHxcJG4eK5hA,5401
 bt_cli/entitle/__init__.py,sha256=l2fasFHO_0zgCS1FgmGdAikumU8QimpaFD9Gvh3Jyqg,30
 bt_cli/entitle/client/__init__.py,sha256=kIQohXlEFGrRAyVWMO9GdESrnAg5J4dmoyJQ6q9NxSo,114
 bt_cli/entitle/client/base.py,sha256=Jov6v7iM8DZ6o_DL7esBpdnYyM-WVFzI8u_0Bjh9MgA,14623
@@ -55,7 +55,7 @@ bt_cli/epmw/commands/auth.py,sha256=2oC3h01_eh4XyEvsar_ffJAqGKXGE_PrhHQJWFswlN8,
 bt_cli/epmw/commands/computers.py,sha256=K0eBd8HOaVCe8hhHPlUuqCrZduhPuvwlkxdYt6YjJxM,4146
 bt_cli/epmw/commands/events.py,sha256=not-9_poxQWRBB4sqZSzJo6031A3IZTdg6uAl2Agk2g,7707
 bt_cli/epmw/commands/groups.py,sha256=PaMcjqfr2b3xS3W3V2A9CFTlMOAs38UmJbi5LKXbbg0,6759
-bt_cli/epmw/commands/policies.py,sha256=mCewGU2Sr9H628JIrW9fMJfG0xeI137NaVIPRdQTmkM,24103
+bt_cli/epmw/commands/policies.py,sha256=0jFQ-ZLzTAC6rPbMWL3DfWm0jdgvE2iwR_dHUHI-QG4,24600
 bt_cli/epmw/commands/quick.py,sha256=X2iTwnDgAvatW8wVY4nqQztLmIEoGmbn1YeCVwHyvzY,13876
 bt_cli/epmw/commands/requests.py,sha256=qcx6MsPXVm2UkaBIkhpf3RZh6Lo-BBz2OPF4Tl3h4p8,8251
 bt_cli/epmw/commands/roles.py,sha256=WYAelLUwzJkBB7rlKoR4FqSxfdoDjV310KcNl6ixCCM,2396
@@ -102,11 +102,11 @@ bt_cli/pws/commands/credentials.py,sha256=p1efDBCI35exGS-6iHQ5IHBQIo0TJMfWuCBoek
 bt_cli/pws/commands/databases.py,sha256=hHGg7hNtE5mwClCpWoSmVSB1-LdY3PORu9iMRuhbxOg,11961
 bt_cli/pws/commands/directories.py,sha256=NBZfivK-gh3BlC7nXyM_iWeE-qjPIPMlsptkNGtsQJk,7985
 bt_cli/pws/commands/functional.py,sha256=C9iMSjNfG2VF-kDAM8a3rlMwp_wMePZpGRPNWwkSTBI,12705
-bt_cli/pws/commands/import_export.py,sha256=JVYdul4geotAmwkfV04cMHuQD_KVyJ7EYIPbf2FibXg,18536
+bt_cli/pws/commands/import_export.py,sha256=jGrGqInxmWAGWVdUxVBt1hHtu_CqmXO65oV5RoUsaAA,27395
 bt_cli/pws/commands/platforms.py,sha256=1NZM8BFMG8-AL3AzRZjU0X8zZwt584Z4FOxQf6mGemc,3999
 bt_cli/pws/commands/quick.py,sha256=3i985r7A8_0zhXTDNxG9NLbGHXlXAAxZL2tMyAAIUyg,70769
 bt_cli/pws/commands/search.py,sha256=6AHJgk30mLneviODOYX4xL9VwPZo1bDUoix3oC99LMM,9875
-bt_cli/pws/commands/secrets.py,sha256=ig3V-CzenF-8YCle_LbszA6-cOj96LCwghUPDd1_Veg,51644
+bt_cli/pws/commands/secrets.py,sha256=-8WInmkRxhq2kESDyMwvtx3hS7OvB-60-puj_2GnH_4,51664
 bt_cli/pws/commands/systems.py,sha256=UFWNgyfI--NjKXqSWVbw_g_Ar_td4-Roa0tK1AJSuQE,16905
 bt_cli/pws/commands/users.py,sha256=yMMC1I32QOjsMr2taU4qD7WajdJ7W3mNDQITbqKCEP4,14078
 bt_cli/pws/commands/workgroups.py,sha256=fvjGniHE6T_oktQSvGhjFXeeDxeubkJXTwR4RNtrA4E,6080
@@ -115,7 +115,7 @@ bt_cli/pws/models/account.py,sha256=OSCMyULPOH1Yu2WOzK0ZQhSRrggGpb2JPHScwGLqUgI,
 bt_cli/pws/models/asset.py,sha256=Fl0AlR4_9Yyyu36FL1eKF29DNsxsB-r7FaOBRlfOg2Q,4081
 bt_cli/pws/models/common.py,sha256=D9Ah4ob5CIiFhTt_IR9nF2cBWRHS2z9OyBR2Sss5yzw,3487
 bt_cli/pws/models/system.py,sha256=D_J0x1A92H2n6BsaBEK9PSAAcs3BTifA5-M9SQqQFGA,5856
-bt_cli-0.4.12.dist-info/METADATA,sha256=EO3jvIX-6RdBdCDkTKxUq2NjgmO0GN1j1lUC9AVF52c,11803
-bt_cli-0.4.12.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-bt_cli-0.4.12.dist-info/entry_points.txt,sha256=NCOEqTI-XKpJOux0JKKhbRElz0B7upayh_d99X5hoLs,38
-bt_cli-0.4.12.dist-info/RECORD,,
+bt_cli-0.4.14.dist-info/METADATA,sha256=1Xp74W_sSHvwqqEe6JPwvZpkU0ENadn1PfS4ZGK_ySM,11803
+bt_cli-0.4.14.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+bt_cli-0.4.14.dist-info/entry_points.txt,sha256=NCOEqTI-XKpJOux0JKKhbRElz0B7upayh_d99X5hoLs,38
+bt_cli-0.4.14.dist-info/RECORD,,