epadmin-secret
epadmin secret target — Creates and loads the master secret for a node and encrypts sensitive strings.
DESCRIPTION
Use the secret target to create and load a master secret for a node, and to encrypt sensitive strings in configuration files, such as passwords. The feature is described in Encrypting Sensitive Configuration Data in the StreamBase Administration Guide.
The secret target has three commands:
The designation [
in syntax examples is a reminder that this
command requires either the global parameter sn
|ad
]‑‑servicename
or the ‑‑adminport
and
‑‑hostname
combination to identify the node or cluster
of interest.
epadmin create secret
Generates a master secret and stores it in a keystore file. No node is required to run this command.
epadmin create secret --keystore=mastersecret.ks epadmin create secret --keystore=mastersecret.ks --keystorepassword=supersecret
Command Parameter | Description | Required |
---|---|---|
keystore
|
Keystore file name. This file is created. It cannot exist. | Yes. |
keystorepassword
|
Keystore file password. | Yes. If not specified, a password prompt is displayed. |
epadmin encrypt secret
Encrypts data using the master secret as a key. The encrypted data is displayed on the console for copying and pasting into a configuration file. No node is required to run this command.
epadmin encrypt secret --keystore=mastersecret.ks epadmin encrypt secret --keystore=mastersecret.ks --keystorepassword=supersecret epadmin encrypt secret --keystore=mastersecret.ks --keystorepassword=supersecret --data=precious
Command Parameter | Description | Required |
---|---|---|
keystore
|
Keystore file. | Yes. |
keystorepassword
|
Keystore file password. | Yes. If not specified, a prompt is displayed for the password. |
data
|
Data to be encrypted. | Yes. If not specified a prompt is displayed for the data. |
epadmin load secret
Loads a master secret to a node. The load fails if the node already has a master secret installed.
epadmin[
load secret --keystore=mastersecret.ks epadminsn
|ad
][
load secret --keystore=mastersecret.ks --keystorepassword=supersecretsn
|ad
]
Command Parameter | Description | Required |
---|---|---|
keystore
|
Keystore file to load to node. | Yes. |
keystorepassword
|
Keystore file password. | Yes. If not specified, a prompt is displayed for the password. |