epadmin-secret
epadmin secret target — Creates and loads the master secret for a node and encrypts sensitive strings.
DESCRIPTION
Use the secret target to create and load a master secret for a node, and to encrypt sensitive strings in configuration files, such as passwords. The feature is described in Encrypting Sensitive Configuration Data in the StreamBase Administration Guide.
The secret target has three commands:
The designation [
in syntax examples is a reminder that this
command requires either the global parameter sn
|ad
]‑‑servicename
or the ‑‑adminport
and
‑‑hostname
combination to identify the node or cluster
of interest.
epadmin create secret
Generates a master secret and stores it in a key store file. No node is required to execute this command.
epadmin create secret --keystore=mastersecret.ks epadmin create secret --keystore=mastersecret.ks --keystorepassword=supersecret
Command Parameter | Description | Required |
---|---|---|
keystore
|
Key store file name. This file is created. It cannot exist. | Yes. |
keystorepassword
|
Key store file password. | No. If not specified, a password prompt is displayed. |
epadmin encrypt secret
Encrypts data using the master secret as a key. The encrypted data is displayed on the console for copying and pasting into a configuration file. No node is required to execute this command.
epadmin encrypt secret --keystore=mastersecret.ks epadmin encrypt secret --keystore=mastersecret.ks --keystorepassword=supersecret epadmin encrypt secret --keystore=mastersecret.ks --keystorepassword=supersecret --data=precious
Command Parameter | Description | Required |
---|---|---|
keystore
|
Key store file. | Yes. |
keystorepassword
|
Key store file password. | No. If not specified, a prompt is displayed for the password. |
data
|
Data to be encrypted. | No. If not specified a prompt is displayed for the data. |
epadmin load secret
Loads a master secret to a node. The load fails if the node already has a master secret installed.
epadmin load secret --keystore=mastersecret.ks epadmin load secret --keystore=mastersecret.ks --keystorepassword=supersecret
Command Parameter | Description | Required |
---|---|---|
keystore
|
Key store file to load to node. | Yes. |
keystorepassword
|
Key store file password. | No. If not specified, a prompt is displayed for the password. |