pvsecret-create-retrievable - Man Page

pvsecret create retrievable [OPTIONS] --secret <SECRET-FILE> --type <TYPE> <NAME>
pvsecret create retr [OPTIONS] --secret <SECRET-FILE> --type <TYPE> <NAME>

A retrievable secret is stored in the per-guest storage of the Ultravisor. A SE-guest can retrieve the secret at runtime and use it. All retrievable secrets, but the plaintext secret, are retrieved as wrapped/protected key objects and only usable inside the current, running SE-guest instance.

<NAME>

String that identifies the new secret. The actual secret is set with --secret. The name is saved in `NAME.yaml` with white-spaces mapped to `_`.

--stdout

Print the hashed name to stdout. The hashed name is not written to `NAME.yaml`

--secret <SECRET-FILE>

Use SECRET-FILE as retrievable secret.

--type <TYPE>

Specify the secret type. Limitations to the input data apply depending on the secret type.

Possible values:

• plain: A plaintext secret. Can be any file up to 8190 bytes long.
• aes: An AES key. Must be a plain byte file 128, 192, or 256 bit long.
• aes-xts: An AES-XTS key. Must be a plain byte file 512, or 1024 bit long.
• hmac-sha: A HMAC-SHA key. Must be a plain byte file 512, or 1024 bit long.
• ec: An elliptic curve private key. Must be a PEM or DER file.

-h,  --help

Print help (see a summary with -h).

pvsecret(1) pvsecret-create(1)

pvsecret-create(1).