Encryption Key

secrets/enc_key

Specifies an encryption key which is used to decrypt the ENC:<data> type entries.

The encryption key is an RSA private key which can be used to decrypt entries which were encrypted using the corresponding RSA public key.

This entry must be a PEM representation of an RSA private key, beginning with -----BEGIN RSA PRIVATE KEY----- and ending with -----END RSA PRIVATE KEY-----.

Example Steps:

An RSA key pair can be created with the following commands:

Generate the RSA private key:

openssl genrsa -out private.pem 2048

Generate the corresponding public key:

openssl rsa -pubout -in private.pem -out public.pem

An encrypted entry can be generated with the following command using the public key:

echo -n "<configuration entry>" | openssl rsautl \
    -encrypt -inkey public.pem -pubin | base64

oYpkxULIexyLR2wUl+mz6Nfki8Pd23Fv0buZZxAuh+Cq1A677NTZwmcWcWN9+MBBVJaISNM0uIVd33/n83Awf77Q/LXtjtzsk41Ux690YVsagh75n/BPk7Ca+4txzwB48yOrTKtIRVbNC2H+Rpa/7LMNSc1Zjez9PqNO4WIa323NzKA4y3Cx1h3DTKANrgsJgXDHNWNs/Ar9pPXxSeFNGmgnYRVtEZtN73IAMs8TzNJKNGkBkmr6vdZvlkjI6ebezJS1kawDvaKQ/C5GXdbpoaJE+JYgYsHDEZLpiasn0Ii4yt3HHNKpsX0UUBSIMO3di0brjJPoJFccVPHLDYgPlw==

This encryption key and encrypted entry can be provided in the configuration YAML.
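The steps above as a shell helper that also checks the entry fits the key and decrypts back to the original value. This is an added example, not part of the product or its documentation; the function names and sample values are hypothetical, and it assumes the `openssl` and `base64` tools used above.

```shell
#!/bin/sh
# Added example; function names and sample values are hypothetical.

# Print "ENC:<base64>" for VALUE, encrypted to the RSA public key file PUB.
make_enc_entry() {
    pub=$1; value=$2
    # Key size in bits, from the "Public-Key: (2048 bit)" line of the dump.
    bits=$(openssl rsa -pubin -in "$pub" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    [ -n "$bits" ] || { echo "cannot read public key: $pub" >&2; return 1; }
    # PKCS#1 v1.5 padding (the rsautl default) costs 11 bytes of the modulus.
    max=$(( bits / 8 - 11 ))
    len=$(( $(printf '%s' "$value" | wc -c) ))
    if [ "$len" -gt "$max" ]; then
        echo "entry is $len bytes; this key encrypts at most $max" >&2
        return 1
    fi
    # printf adds no trailing newline to the secret; tr joins the 76-column
    # lines that GNU base64 emits so the result is a single YAML scalar.
    ct=$(printf '%s' "$value" |
        openssl rsautl -encrypt -inkey "$pub" -pubin 2>/dev/null |
        base64 | tr -d '\n')
    [ -n "$ct" ] || { echo "encryption failed" >&2; return 1; }
    printf 'ENC:%s\n' "$ct"
}

# Decrypt an "ENC:<base64>" entry with the private key file PRIV, to confirm
# the entry round-trips before it goes into the configuration YAML.
read_enc_entry() {
    priv=$1; entry=$2
    case $entry in
        ENC:*) ;;
        *) echo "not an ENC: entry" >&2; return 1 ;;
    esac
    printf '%s\n' "${entry#ENC:}" | base64 -d |
        openssl rsautl -decrypt -inkey "$priv" 2>/dev/null
}

# Usage, with the key pair generated as described above:
#   entry=$(make_enc_entry public.pem 'my-client-secret')
#   [ "$(read_enc_entry private.pem "$entry")" = 'my-client-secret' ]
```

With OpenSSL 3.x, `openssl genrsa` writes a PKCS#8 file headed `-----BEGIN PRIVATE KEY-----` unless `-traditional` is given, so check the header of private.pem against the format required above.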

Property

Name      Type      Constraints
enc_key   string

Example

secrets:
  enc_key: "@private.pem"
# ...
identity:
  oidc:
    client_secret: "ENC:oYpkxULIexyLR2wUl+mz6Nfki8Pd23Fv0buZZxAuh+Cq1A677NTZwmcWcWN9+MBBVJaISNM0uIVd33/n83Awf77Q/LXtjtzsk41Ux690YVsagh75n/BPk7Ca+4txzwB48yOrTKtIRVbNC2H+Rpa/7LMNSc1Zjez9PqNO4WIa323NzKA4y3Cx1h3DTKANrgsJgXDHNWNs/Ar9pPXxSeFNGmgnYRVtEZtN73IAMs8TzNJKNGkBkmr6vdZvlkjI6ebezJS1kawDvaKQ/C5GXdbpoaJE+JYgYsHDEZLpiasn0Ii4yt3HHNKpsX0UUBSIMO3di0brjJPoJFccVPHLDYgPlw=="
