pxctl secrets
Description
Manage Secrets. Supported secret stores: AWS KMS | Vault | DCOS Secrets | IBM Key Protect | Kubernetes Secrets | Google Cloud KMS
pxctl secrets set-cluster-key
Description
Sets an existing secret as a cluster-wide (default) secret to be used for volume encryption.
Flags
| Flag | Description |
|---|---|
| | Secret id of an existing secret |
| | Secret options is used to pass specific secret parameters. Usage: --secret_options=k1=v1,k2=v2 |
| | Overwrite an existing cluster wide secret key |
pxctl secrets upload-cluster-wide-secret
Description
Uploads the provided key and secret as a cluster-wide (default) secret. Should be used only when migrating cluster-wide secrets between Portworx clusters.
Flags
| Flag | Description |
|---|---|
| | An ID to identify the secret. Required: true |
| | The actual secret to be used for encrypting volumes. Required: true |
| | If set then the command will overwrite the existing cluster-wide secret (Any existing volumes with the older secret will be unusable) |
pxctl secrets dump-cluster-wide-secret
Description
Dumps the cluster-wide secret and the associated key for this cluster. Should be used only when migrating cluster-wide secrets between Portworx clusters.
pxctl secrets aws
Description
AWS secret-endpoint commands
pxctl secrets aws generate-kms-data-key
Description
Generates a KMS Data Key and associates the given secret_id to it.
Flags
| Flag | Description |
|---|---|
| | Secret Id to associate with the KMS Data Key |
pxctl secrets aws list-secrets
Description
Lists all the available secret ids
pxctl secrets kvdb
Description
kvdb secret-endpoint commands
pxctl secrets kvdb put-secret
Description
Put Secret into kvdb
Flags
| Flag | Description |
|---|---|
| | Id of the secret to write in kvdb |
| | Value of the secret |
pxctl secrets kvdb get-secret
Description
Get Secret from kvdb
Flags
| Flag | Description |
|---|---|
| | Id of the secret to fetch from kvdb |
pxctl secrets kvdb list-secrets
Description
Lists all the available secret ids
pxctl secrets gcloud
Description
Google Cloud KMS commands
pxctl secrets gcloud create-secret
Description
Creates a new secret
Flags
| Flag | Description |
|---|---|
| | Id of the secret to be created. Required: true |
| | The secret passphrase to be associated with the secret id. If passphrase is empty Portworx will generate one. Required: true |
pxctl secrets gcloud list-secrets
Description
Lists all the available secret ids
pxctl secrets gcloud delete-secret
Description
Deletes a secret with the provided ID. Any volumes encrypted with that secret will not be usable.
Flags
| Flag | Description |
|---|---|
| | Id of the secret to be deleted. Required: true |
| | Force delete a secret. Any volumes encrypted with that secret will not be usable. Default value: false |
pxctl secrets ibm
Description
IBM Key Protect commands
pxctl secrets ibm list-secrets