epadmin-secret

epadmin secret target — Creates and loads the master secret for a node and encrypts sensitive strings.

SYNOPSIS

epadmin [globalparameters] command secret [commandparameters]

DESCRIPTION

Use the secret target to create and load a master secret for a node, and to encrypt sensitive strings in configuration files, such as passwords. The feature is described in Encrypting Sensitive Configuration Data in the StreamBase Administration Guide.

The secret target has three commands:

The designation [sn|ad] in syntax examples is a reminder that this command requires either the global parameter ‑‑servicename or the ‑‑adminport and ‑‑hostname combination to identify the node or cluster of interest.

epadmin create secret

Generates a master secret and stores it in a key store file. No node is required to execute this command.

epadmin create secret --keystore=mastersecret.ks
epadmin create secret --keystore=mastersecret.ks --keystorepassword=supersecret
Command Parameter Description Required
keystore Key store file name. This file is created. It cannot exist. Yes.
keystorepassword Key store file password. No. If not specified, a password prompt is displayed.

epadmin encrypt secret

Encrypts data using the master secret as a key. The encrypted data is displayed on the console for copying and pasting into a configuration file. No node is required to execute this command.

epadmin encrypt secret --keystore=mastersecret.ks
epadmin encrypt secret --keystore=mastersecret.ks --keystorepassword=supersecret
epadmin encrypt secret --keystore=mastersecret.ks --keystorepassword=supersecret --data=precious
Command Parameter Description Required
keystore Key store file. Yes.
keystorepassword Key store file password. No. If not specified, a prompt is displayed for the password.
data Data to be encrypted. No. If not specified a prompt is displayed for the data.

epadmin load secret

Loads a master secret to a node. The load fails if the node already has a master secret installed.

epadmin load secret --keystore=mastersecret.ks
epadmin load secret --keystore=mastersecret.ks --keystorepassword=supersecret
Command Parameter Description Required
keystore Key store file to load to node. Yes.
keystorepassword Key store file password. No. If not specified, a prompt is displayed for the password.