aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'efe9fe780d'
${ noResults }
boundary/website/content/docs/commands/config/encrypt.mdx

67 lines
2.0 KiB
Raw Blame History

---
layout: docs
page_title: config encrypt - Command
description: >-
The "config encrypt" command encrypts sensitive values in configuration files. You must mark sensitive values with {{encrypt()}} as appropriate.
---
# config encrypt
Command: `boundary config encrypt`
The `config encrypt` command encrypts sensitive values in a Boundary
configuration file. You must mark these values with `{{encrypt()}}` as
appropriate, for example: `key = {{encrypt(key_value)}}`.
## Examples
The following command overwrites the existing configuration file use the `-overwrite` flag:
```shell-session
$ boundary config encrypt -overwrite config.hcl
```
In order for this command to perform its task, you must define a "kms" block within a configuration file:
```hcl
kms "aead" {
purpose = "config"
aead_type = "aes-gcm"
key = "7xtkEoS5EXPbgynwd+dDLHopaCqK8cq0Rpep4eooaTs="
}
```
You can define the "kms" block in the configuration file or using the `-config`
flag. If you define it in the configuration file, only string parameters are
supported, and the markers must be inside the quotation marks that delimit the string.
Additionally, if you define the block inline, do not use an "aead" block with
the key defined in the configuration file as it provides no protection.
## Usage
<CodeBlockConfig hideClipboard>
```shell-session
$ boundary config encrypt [options] [args]
```
</CodeBlockConfig>
### Command options
- `-config` `(string: "")` - The configuration file to encrypt.
- `-config-kms` `(string: "")` - If set, the given file is parsed for
a "kms" block with purpose `config` to determine whether it should be used to perform the command.
If you do not configure this value, the command expects a block to be defined inline with the configuration file, and will only be able to support quoted string parameters.
- `-overwrite` - If set, overwrites the existing file. The default value is
`false`.
- `-strip` - If set, strips the declarations from the file afterwards.
The default value is `false`.
@include 'cmd-option-note.mdx'
Reference in new issue View Git Blame Copy Permalink