agent: Support encrypt CLI flag. Fixes #245.

2014-08-22 15:08:15 -07:00 · 2014-08-22 15:08:15 -07:00 · 168ddedcee
parent 2cde3678ea
commit 168ddedcee
2 changed files with 8 additions and 4 deletions
--- a/command/agent/command.go
+++ b/command/agent/command.go
@ -62,6 +62,7 @@ func (c *Command) readConfig() *Config {
 	cmdFlags.StringVar(&cmdConfig.DataDir, "data-dir", "", "path to the data directory")
 	cmdFlags.StringVar(&cmdConfig.UiDir, "ui-dir", "", "path to the web UI directory")
 	cmdFlags.StringVar(&cmdConfig.PidFile, "pid-file", "", "path to file to store PID")
+	cmdFlags.StringVar(&cmdConfig.EncryptKey, "encrypt", "", "gossip encryption key")

 	cmdFlags.BoolVar(&cmdConfig.Server, "server", false, "run agent as server")
 	cmdFlags.BoolVar(&cmdConfig.Bootstrap, "bootstrap", false, "enable server bootstrap mode")
@ -609,6 +610,7 @@ Options:
                           order.
  -data-dir=path           Path to a data directory to store agent state
  -dc=east-aws             Datacenter of the agent
+  -encrypt=key             Provides the gossip encryption key
  -join=1.2.3.4            Address of an agent to join at start time.
                           Can be specified multiple times.
  -log-level=info          Log level of the agent.
--- a/website/source/docs/agent/options.html.markdown
+++ b/website/source/docs/agent/options.html.markdown
@ -81,6 +81,11 @@ The options below are all specified on the command-line.
  it relies on proper configuration. Nodes in the same datacenter should be on a single
  LAN.

+* `-encrypt` - Specifies the secret key to use for encryption of Consul
+  network traffic. This key must be 16-bytes that are base64 encoded. The
+  easiest way to create an encryption key is to use `consul keygen`. All
+  nodes within a cluster must share the same encryption key to communicate.
+
 * `-join` - Address of another agent to join upon starting up. This can be
  specified multiple times to specify multiple agents to join. If Consul is
  unable to join with any of the specified addresses, agent startup will
@ -234,10 +239,7 @@ definitions support being updated during a reload.
 * `enable_debug` - When set, enables some additional debugging features. Currently,
  only used to set the runtime profiling HTTP endpoints.

-* `encrypt` - Specifies the secret key to use for encryption of Consul
-  network traffic. This key must be 16-bytes that are base64 encoded. The
-  easiest way to create an encryption key is to use `consul keygen`. All
-  nodes within a cluster must share the same encryption key to communicate.
+* `encrypt` - Equivalent to the `-encrypt` command-line flag.

 * `key_file` - This provides a the file path to a PEM encoded private key.
  The key is used with the certificate to verify the agents authenticity.