open-nomad/website/source/docs/commands/operator/keyring.html.md.erb

59 lines
2 KiB
Plaintext
Raw Normal View History

---
layout: "docs"
2018-03-22 17:56:06 +00:00
page_title: "Commands: operator keyring"
sidebar_current: "docs-commands-operator-keyring"
---
2018-03-22 20:39:18 +00:00
# Command: operator keyring
2018-03-22 17:56:06 +00:00
The `operator keyring` command is used to examine and modify the encryption keys
used in Nomad server. It is capable of distributing new encryption keys to the
cluster, retiring old encryption keys, and changing the keys used by the cluster
to encrypt messages.
Nomad allows multiple encryption keys to be in use simultaneously. This is
intended to provide a transition state while the cluster converges. It is the
responsibility of the operator to ensure that only the required encryption keys
are installed on the cluster. You can review the installed keys using the
`-list` argument, and remove unneeded keys with `-remove`.
All operations performed by this command can only be run against server nodes
and will effect the entire cluster.
All variations of the `keyring` command return 0 if all nodes reply and there
are no errors. If any node fails to reply or reports failure, the exit code
will be 1.
## Usage
2018-03-22 17:56:06 +00:00
Usage: `nomad operator keyring [options]`
Only one actionable argument may be specified per run, including `-list`,
`-install`, `-remove`, and `-use`.
The list of available flags are:
* `-list` - List all keys currently in use within the cluster.
* `-install` - Install a new encryption key. This will broadcast the new key to
all members in the cluster.
* `-use` - Change the primary encryption key, which is used to encrypt messages.
The key must already be installed before this operation can succeed.
* `-remove` - Remove the given key from the cluster. This operation may only be
performed on keys which are not currently the primary key.
## Output
2018-03-22 17:56:06 +00:00
The output of the `nomad operator keyring -list` command consolidates information from
all the Nomad servers from all datacenters and regions to provide a simple and
easy to understand view of the cluster.
```
==> Gathering installed encryption keys...
Key
PGm64/neoebUBqYR/lZTbA==
```