Encryption Key
secrets/enc_key
Specifies the encryption key which is used to decrypt ENC:<data> type entries.
The encryption key is an RSA private key which can be used to decrypt entries which were encrypted using the corresponding RSA public key.
This entry must be a PEM representation of an RSA private key, beginning with -----BEGIN RSA PRIVATE KEY----- and ending with -----END RSA PRIVATE KEY-----.
Example Steps:
An RSA key pair can be created with the following commands:
Generate the RSA private key:
openssl genrsa -out private.pem 2048
Generate the corresponding public key:
openssl rsa -pubout -in private.pem -out public.pem
An encrypted entry can be generated with the following command using the public key:
echo -n "<configuration entry>" | openssl rsautl -encrypt -inkey public.pem -pubin | base64
oYpkxULIexyLR2wUl+mz6Nfki8Pd23Fv0buZZxAuh+Cq1A677NTZwmcWcWN9+MBBVJaISNM0uIVd33/n83Awf77Q/LXtjtzsk41Ux690YVsagh75n/BPk7Ca+4txzwB48yOrTKtIRVbNC2H+Rpa/7LMNSc1Zjez9PqNO4WIa323NzKA4y3Cx1h3DTKANrgsJgXDHNWNs/Ar9pPXxSeFNGmgnYRVtEZtN73IAMs8TzNJKNGkBkmr6vdZvlkjI6ebezJS1kawDvaKQ/C5GXdbpoaJE+JYgYsHDEZLpiasn0Ii4yt3HHNKpsX0UUBSIMO3di0brjJPoJFccVPHLDYgPlw==
This encryption key and encrypted entry can be provided in the configuration YAML.
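The steps above as a round-trip check, written as an added example that is not part of the product documentation: it generates the key pair, confirms the private key carries the PKCS#1 header this page requires (OpenSSL 3.x writes PKCS#8 by default), builds a single-line ENC: value and decrypts it again before anything goes into the YAML. Function names, file locations and the sample secret are constructed. It assumes the openssl and base64 command-line tools are installed.

```shell
#!/bin/sh
# Added example (not from the product documentation). Assumes the openssl and
# base64 CLIs are on PATH; function names, paths and the secret are constructed.

# True when the PEM file starts with the header this page requires.
is_pkcs1_pem() {
    [ "$(head -n 1 "$1")" = "-----BEGIN RSA PRIVATE KEY-----" ]
}

# Write private.pem (owner-readable only) and public.pem into directory $1.
make_keypair() {
    ( umask 077
      openssl genrsa -out "$1/private.pem" 2048 2>/dev/null
      # OpenSSL 3.x emits PKCS#8 ("BEGIN PRIVATE KEY") by default; convert it.
      if ! is_pkcs1_pem "$1/private.pem"; then
          openssl rsa -in "$1/private.pem" -traditional \
              -out "$1/private.tmp" 2>/dev/null &&
              mv "$1/private.tmp" "$1/private.pem"
      fi ) || return 1
    openssl rsa -pubout -in "$1/private.pem" -out "$1/public.pem" 2>/dev/null
}

# Print ENC:<base64> for plaintext $2 under public key $1, on a single line.
# GNU base64 wraps at 76 columns, so newlines are stripped for the YAML value.
encrypt_entry() {
    ct=$(printf '%s' "$2" | openssl rsautl -encrypt -inkey "$1" -pubin | base64 | tr -d '\n')
    # Empty output means openssl failed, e.g. plaintext over 245 bytes
    # (2048-bit modulus minus 11 bytes of PKCS#1 v1.5 padding).
    [ -n "$ct" ] || return 1
    printf 'ENC:%s\n' "$ct"
}

# Recover the plaintext of entry $2 with private key $1.
decrypt_entry() {
    printf '%s' "${2#ENC:}" | base64 -d | openssl rsautl -decrypt -inkey "$1"
}

# Demo: confirm an entry decrypts before it goes into the YAML.
dir=$(mktemp -d) && make_keypair "$dir" &&
    entry=$(encrypt_entry "$dir/public.pem" "example-client-secret") &&
    [ "$(decrypt_entry "$dir/private.pem" "$entry")" = "example-client-secret" ] &&
    echo "round trip OK: $(printf '%s' "$entry" | cut -c1-20)..."
rm -rf "$dir"
```
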
Property
Name | Type | Constraints |
---|---|---|
enc_key | string | |
Example
secrets:
  enc_key: "@private.pem"
# ...
identity:
  oidc:
    client_secret: "ENC:oYpkxULIexyLR2wUl+mz6Nfki8Pd23Fv0buZZxAuh+Cq1A677NTZwmcWcWN9+MBBVJaISNM0uIVd33/n83Awf77Q/LXtjtzsk41Ux690YVsagh75n/BPk7Ca+4txzwB48yOrTKtIRVbNC2H+Rpa/7LMNSc1Zjez9PqNO4WIa323NzKA4y3Cx1h3DTKANrgsJgXDHNWNs/Ar9pPXxSeFNGmgnYRVtEZtN73IAMs8TzNJKNGkBkmr6vdZvlkjI6ebezJS1kawDvaKQ/C5GXdbpoaJE+JYgYsHDEZLpiasn0Ii4yt3HHNKpsX0UUBSIMO3di0brjJPoJFccVPHLDYgPlw=="