nomad keyring --help
-
https://www.nomadproject.io/docs/commands/keyring.html
Usage: nomad keyring [options] Manages encryption keys used for gossip messages between Nomad servers. Gossip encryption is optional. When enabled, this command may be used to examine active encryption keys in the cluster, add new keys, and remove old ones. When combined, this functionality provides the ability to perform key rotation cluster-wide, without disrupting the cluster. All operations performed by this command can only be run against server nodes. All variations of the keyring command return 0 if all nodes reply and there are no errors. If any node fails to reply or reports failure, the exit code will be 1. General Options: -address=<addr> The address of the Nomad server. Overrides the NOMAD_ADDR environment variable if set. Default = http://127.0.0.1:4646 -region=<region> The region of the Nomad servers to forward commands to. Overrides the NOMAD_REGION environment variable if set. Defaults to the Agent's local region. -no-color Disables colored command output. -ca-cert=<path> Path to a PEM encoded CA cert file to use to verify the Nomad server SSL certificate. Overrides the NOMAD_CACERT environment variable if set. -ca-path=<path> Path to a directory of PEM encoded CA cert files to verify the Nomad server SSL certificate. If both -ca-cert and -ca-path are specified, -ca-cert is used. Overrides the NOMAD_CAPATH environment variable if set. -client-cert=<path> Path to a PEM encoded client certificate for TLS authentication to the Nomad server. Must also specify -client-key. Overrides the NOMAD_CLIENT_CERT environment variable if set. -client-key=<path> Path to an unencrypted PEM encoded private key matching the client certificate from -client-cert. Overrides the NOMAD_CLIENT_KEY environment variable if set. -tls-skip-verify Do not verify TLS certificate. This is highly not recommended. Verification will also be skipped if NOMAD_SKIP_VERIFY is set. Keyring Options: -install=<key> Install a new encryption key. This will broadcast the new key to all members in the cluster. -list List all keys currently in use within the cluster. -remove=<key> Remove the given key from the cluster. This operation may only be performed on keys which are not currently the primary key. -use=<key> Change the primary encryption key, which is used to encrypt messages. The key must already be installed before this operation can succeed.
© Lightnetics 2024