Upgrade to the latest version of Portworx Enterprise for continued support. Documentation for the latest version of Portworx Enterprise can be found here.
pxctl secrets
Description
Manage secrets. Supported secret stores: AWS KMS | Vault | DCOS Secrets | IBM Key Protect | Kubernetes Secrets | Google Cloud KMS
pxctl secrets set-cluster-key
Description
Sets an existing secret as a cluster-wide (default) secret to be used for volume encryption.
Flags
| Flag | Description |
|---|---|
| | Secret id of an existing secret |
| | Secret options is used to pass specific secret parameters. Usage: --secret_options=k1=v1,k2=v2 |
| | Overwrite an existing cluster wide secret key |
pxctl secrets upload-cluster-wide-secret
Description
Uploads the provided key and secret as a cluster-wide (default) secret. Should be used only when migrating cluster-wide secrets between Portworx clusters.
Flags
| Flag | Description |
|---|---|
| | An ID to identify the secret. Required: true |
| | The actual secret to be used for encrypting volumes. Required: true |
| | If set then the command will overwrite the existing cluster-wide secret (Any existing volumes with the older secret will be unusable) |
pxctl secrets dump-cluster-wide-secret
Description
Dumps the cluster-wide secret and the associated key for this cluster. Should be used only when migrating cluster-wide secrets between Portworx clusters.
pxctl secrets aws
Description
AWS secret-endpoint commands
pxctl secrets aws generate-kms-data-key
Description
Generates a KMS Data Key and associates the given secret_id to it.
Flags
| Flag | Description |
|---|---|
| | Secret Id to associate with the KMS Data Key |
pxctl secrets aws list-secrets
Description
Lists all the available secret ids
pxctl secrets kvdb
Description
kvdb secret-endpoint commands
pxctl secrets kvdb put-secret
Description
Put Secret into kvdb
Flags
| Flag | Description |
|---|---|
| | Id of the secret to write in kvdb |
| | Value of the secret |
pxctl secrets kvdb get-secret
Description
Get Secret from kvdb
Flags
| Flag | Description |
|---|---|
| | Id of the secret to fetch from kvdb |
pxctl secrets kvdb list-secrets
Description
Lists all the available secret ids
pxctl secrets gcloud
Description
Google Cloud KMS commands
pxctl secrets gcloud create-secret
Description
Creates a new secret
Flags
| Flag | Description |
|---|---|
| | Id of the secret to be created. Required: true |
| | The secret passphrase to be associated with the secret id. If passphrase is empty Portworx will generate one. Required: true |
pxctl secrets gcloud list-secrets
Description
Lists all the available secret ids
pxctl secrets gcloud delete-secret
Description
Deletes a secret with the provided ID. Any volumes encrypted with that secret will not be usable.
Flags
| Flag | Description |
|---|---|
| | Id of the secret to be deleted. Required: true |
| | Force delete a secret. Any volumes encrypted with that secret will not be usable. Default value: false |
pxctl secrets ibm
Description
IBM Key Protect commands
pxctl secrets ibm list-secrets