nomad keyring --help



  • https://www.nomadproject.io/docs/commands/keyring.html

    Usage: nomad keyring [options]
    
      Manages encryption keys used for gossip messages between Nomad servers. Gossip
      encryption is optional. When enabled, this command may be used to examine
      active encryption keys in the cluster, add new keys, and remove old ones. When
      combined, this functionality provides the ability to perform key rotation
      cluster-wide, without disrupting the cluster.
    
      All operations performed by this command can only be run against server nodes.
    
      All variations of the keyring command return 0 if all nodes reply and there
      are no errors. If any node fails to reply or reports failure, the exit code
      will be 1.
    
    General Options:
    
      -address=<addr>
        The address of the Nomad server.
        Overrides the NOMAD_ADDR environment variable if set.
        Default = http://127.0.0.1:4646
    
      -region=<region>
        The region of the Nomad servers to forward commands to.
        Overrides the NOMAD_REGION environment variable if set.
        Defaults to the Agent's local region.
      
      -no-color
        Disables colored command output.
    
      -ca-cert=<path>           
        Path to a PEM encoded CA cert file to use to verify the 
        Nomad server SSL certificate.  Overrides the NOMAD_CACERT 
        environment variable if set.
    
      -ca-path=<path>           
        Path to a directory of PEM encoded CA cert files to verify 
        the Nomad server SSL certificate. If both -ca-cert and 
        -ca-path are specified, -ca-cert is used. Overrides the 
        NOMAD_CAPATH environment variable if set.
    
      -client-cert=<path>       
        Path to a PEM encoded client certificate for TLS authentication 
        to the Nomad server. Must also specify -client-key. Overrides 
        the NOMAD_CLIENT_CERT environment variable if set.
    
      -client-key=<path>        
        Path to an unencrypted PEM encoded private key matching the 
        client certificate from -client-cert. Overrides the 
        NOMAD_CLIENT_KEY environment variable if set.
    
      -tls-skip-verify        
        Do not verify TLS certificate. This is highly not recommended. Verification
        will also be skipped if NOMAD_SKIP_VERIFY is set.
    
    Keyring Options:
    
      -install=<key>            Install a new encryption key. This will broadcast
                                the new key to all members in the cluster.
      -list                     List all keys currently in use within the cluster.
      -remove=<key>             Remove the given key from the cluster. This
                                operation may only be performed on keys which are
                                not currently the primary key.
      -use=<key>                Change the primary encryption key, which is used to
                                encrypt messages. The key must already be installed
                                before this operation can succeed.
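
The rotation sequence the help text describes, written out as an added shell example (not part of the original post or of Nomad itself): install the new key, make it primary, then remove the old one, stopping at the first non-zero exit code. `rotate_gossip_key` is a hypothetical helper name, and both keys are assumed to be supplied by the operator.

```shell
#!/usr/bin/env bash
# Added example: gossip key rotation using only the -install, -use, -remove
# and -list flags documented above. rotate_gossip_key is a hypothetical name.
#
# Usage: rotate_gossip_key <new-key> <old-key>
#
# `nomad keyring` exits 1 if any server fails to reply or reports failure,
# so each step is checked and rotation stops before the next one.
# Note: the key is passed as a command-line argument, the only form the help
# text shows, so it is visible in the process list while the command runs.
rotate_gossip_key() {
  local new_key="$1"
  local old_key="$2"

  if [ -z "$new_key" ] || [ -z "$old_key" ] || [ "$new_key" = "$old_key" ]; then
    echo "usage: rotate_gossip_key <new-key> <old-key> (keys must differ)" >&2
    return 2
  fi

  # 1. Broadcast the new key to all servers. The old key is still primary,
  #    so messages keep being encrypted with it.
  nomad keyring -install="$new_key" ||
    { echo "install failed; primary key unchanged" >&2; return 1; }

  # 2. Make the new key primary. This requires the key to be installed,
  #    which is why step 1 must have succeeded on every server.
  nomad keyring -use="$new_key" ||
    { echo "use failed; old key is still primary" >&2; return 1; }

  # 3. The old key is no longer primary, so it may now be removed.
  nomad keyring -remove="$old_key" ||
    { echo "remove failed; old key is still in the keyring" >&2; return 1; }

  # 4. List the keys in use so the operator can confirm the result.
  nomad keyring -list
}
```
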
    


© Lightnetics 2024