pxctl secrets
pxctl secrets
pxctl secretsDescription
Manage Secrets. Supported secret stores AWS KMS | Vault | DCOS Secrets | IBM Key Protect | Kubernetes Secrets | Google Cloud KMSpxctl secrets set-cluster-key
pxctl secrets set-cluster-keyDescription
Sets an existing secret as a cluster-wide (default) secret to be used for volume encryptionFlags
| Flag | Description |
|---|---|
|
|
Secret id of an existing secret |
|
|
Secret options is used to pass specific secret parameters. Usage: --secret_options=k1=v1,k2=v2 |
|
|
Overwrite an existing cluster wide secret key |
pxctl secrets upload-cluster-wide-secret
pxctl secrets upload-cluster-wide-secretDescription
Uploads the provided key and secret as a cluster-wide (default) secret. Should be used only when migrating cluster-wide secrets between Portworx clusters.Flags
| Flag | Description |
|---|---|
|
|
An ID to identify the secret Required: true |
|
|
The actual secret to be used for encrypting volumes Required: true |
|
|
If set then the command will overwrite the existing cluster-wide secret (Any existing volumes with the older secret will be unusable) |
pxctl secrets dump-cluster-wide-secret
pxctl secrets dump-cluster-wide-secretDescription
Dumps the cluster-wide secret and the associated key for this cluster. Should be used only when migrating cluster-wide secrets between Portworx clusters.pxctl secrets aws
pxctl secrets awsDescription
AWS secret-endpoint commandspxctl secrets aws generate-kms-data-key
pxctl secrets aws generate-kms-data-keyDescription
Generates a KMS Data Key and associates the given secret_id to itFlags
| Flag | Description |
|---|---|
|
|
Secret Id to associate with the KMS Data Key |
pxctl secrets aws list-secrets
pxctl secrets aws list-secretsDescription
Lists all the available secret idspxctl secrets kvdb
pxctl secrets kvdbDescription
kvdb secret-endpoint commandspxctl secrets kvdb put-secret
pxctl secrets kvdb put-secretDescription
Put Secret into kvdbFlags
| Flag | Description |
|---|---|
|
|
Id of the secret to write in kvdb |
|
|
Value of the secret |
pxctl secrets kvdb get-secret
pxctl secrets kvdb get-secretDescription
Get Secret from kvdbFlags
| Flag | Description |
|---|---|
|
|
Id of the secret to fetch from kvdb |
pxctl secrets kvdb list-secrets
pxctl secrets kvdb list-secretsDescription
Lists all the available secret idspxctl secrets gcloud
pxctl secrets gcloudDescription
Google Cloud KMS commandspxctl secrets gcloud create-secret
pxctl secrets gcloud create-secretDescription
Creates a new secretFlags
| Flag | Description |
|---|---|
|
|
Id of the secret to be created Required: true |
|
|
The secret passphrase to be associated with the secret id. If passphrase is empty portworx will generate one. Required: true |
pxctl secrets gcloud list-secrets
pxctl secrets gcloud list-secretsDescription
Lists all the available secret idspxctl secrets gcloud delete-secret
pxctl secrets gcloud delete-secretDescription
Deletes a secret with the provided ID. Any volumes encrypted with that secret will not be usableFlags
| Flag | Description |
|---|---|
|
|
Id of the secret to be deleted Required: true |
|
|
Force delete a secret. Any volumes encrypted with that secret will not be usable. Default value: false |
pxctl secrets ibm
pxctl secrets ibmDescription
IBM Key Protect commandspxctl secrets ibm list-secrets
pxctl secrets ibm list-secrets