Portworx Documentation has moved to https://docs.portworx.com
Portworx Enterprise version 2.13 has reached end of life and end of extended maintenance. Refer to the release support policy.

pxctl secrets

 pxctl secrets

Description

Manage secrets. Supported secret stores: AWS KMS | Vault | DCOS Secrets | IBM Key Protect | Kubernetes Secrets | Google Cloud KMS

pxctl secrets set-cluster-key

 pxctl secrets set-cluster-key

Description

Sets an existing secret as a cluster-wide (default) secret to be used for volume encryption

Flags

Flag Description

--secret (str)

Secret id of an existing secret

--secret_options (str)

Passes parameters specific to the secret. Usage: --secret_options=k1=v1,k2=v2

--overwrite (bool)

Overwrite an existing cluster-wide secret key

pxctl secrets upload-cluster-wide-secret

 pxctl secrets upload-cluster-wide-secret

Description

Uploads the provided key and secret as a cluster-wide (default) secret. Should be used only when migrating cluster-wide secrets between Portworx clusters.

Flags

Flag Description

--secret_id (str)

An ID to identify the secret

Required: true

--secret_value (str)

The actual secret to be used for encrypting volumes

Required: true

--overwrite (bool)

If set, the command overwrites the existing cluster-wide secret. Any existing volumes with the older secret will be unusable.

pxctl secrets dump-cluster-wide-secret

 pxctl secrets dump-cluster-wide-secret

Description

Dumps the cluster-wide secret and the associated key for this cluster. Should be used only when migrating cluster-wide secrets between Portworx clusters.

pxctl secrets aws

 pxctl secrets aws

Description

AWS secret-endpoint commands

pxctl secrets aws generate-kms-data-key

 pxctl secrets aws generate-kms-data-key

Description

Generates a KMS Data Key and associates the given secret_id with it

Flags

Flag Description

--secret_id (str)

Secret Id to associate with the KMS Data Key

pxctl secrets aws list-secrets

 pxctl secrets aws list-secrets

Description

Lists all the available secret ids

pxctl secrets kvdb

 pxctl secrets kvdb

Description

kvdb secret-endpoint commands

pxctl secrets kvdb put-secret

 pxctl secrets kvdb put-secret

Description

Put Secret into kvdb

Flags

Flag Description

--secret_id (str)

Id of the secret to write in kvdb

--secret_value (str)

Value of the secret

pxctl secrets kvdb get-secret

 pxctl secrets kvdb get-secret

Description

Get Secret from kvdb

Flags

Flag Description

--secret_id (str)

Id of the secret to fetch from kvdb

pxctl secrets kvdb list-secrets

 pxctl secrets kvdb list-secrets

Description

Lists all the available secret ids

pxctl secrets gcloud

 pxctl secrets gcloud

Description

Google Cloud KMS commands

pxctl secrets gcloud create-secret

 pxctl secrets gcloud create-secret

Description

Creates a new secret

Flags

Flag Description

--secret_id, -i (str)

Id of the secret to be created

Required: true

--passphrase, -p (str)

The secret passphrase to be associated with the secret id. If the passphrase is empty, Portworx will generate one.

Required: true

pxctl secrets gcloud list-secrets

 pxctl secrets gcloud list-secrets

Description

Lists all the available secret ids

pxctl secrets gcloud delete-secret

 pxctl secrets gcloud delete-secret

Description

Deletes a secret with the provided ID. Any volumes encrypted with that secret will not be usable.

Flags

Flag Description

--secret_id, -i (str)

Id of the secret to be deleted

Required: true

--force, -f (bool)

Force delete a secret. Any volumes encrypted with that secret will not be usable.

Default value: false

pxctl secrets ibm

 pxctl secrets ibm

Description

IBM Key Protect commands

pxctl secrets ibm list-secrets

 pxctl secrets ibm list-secrets

Description

Lists all the available secret ids