pvsecret-create-retrievable - Man Page
Create a retrievable secret
Synopsis
pvsecret create retrievable [OPTIONS] --secret <SECRET-FILE> --type <TYPE> <NAME> pvsecret create retr [OPTIONS] --secret <SECRET-FILE> --type <TYPE> <NAME>
Description
A retrievable secret is stored in the per-guest storage of the Ultravisor. A SE-guest can retrieve the secret at runtime and use it. All retrievable secrets, but the plaintext secret, are retrieved as wrapped/protected key objects and only usable inside the current, running SE-guest instance.
Options
- <NAME>
String that identifies the new secret. The actual secret is set with --secret. The name is saved in `NAME.yaml` with white-spaces mapped to `_`.
- --stdout
Print the hashed name to stdout. The hashed name is not written to `NAME.yaml`
- --secret <SECRET-FILE>
Use SECRET-FILE as retrievable secret.
- --type <TYPE>
Specify the secret type. Limitations to the input data apply depending on the secret type.
Possible values:
- plain: A plaintext secret. Can be any file up to 8190 bytes long.
- aes: An AES key. Must be a plain byte file 128, 192, or 256 bit long.
- aes-xts: An AES-XTS key. Must be a plain byte file 512, or 1024 bit long.
- hmac-sha: A HMAC-SHA key. Must be a plain byte file 512, or 1024 bit long.
- ec: An elliptic curve private key. Must be a PEM or DER file.
- -h, ā--help
Print help (see a summary with -h).
See Also
Referenced By
2024-12-19 s390-tools UV-Secret Manual