mirror of
https://github.com/status-im/consul.git
synced 2025-01-28 06:25:25 +00:00
website: documentation updates for keyring command
This commit is contained in:
parent
5ab4a590d7
commit
c52997c95b
@ -10,12 +10,14 @@ Command: `consul keyring`
|
|||||||
|
|
||||||
The `keyring` command is used to examine and modify the encryption keys used in
|
The `keyring` command is used to examine and modify the encryption keys used in
|
||||||
Consul's [Gossip Pools](/docs/internals/gossip.html). It is capable of
|
Consul's [Gossip Pools](/docs/internals/gossip.html). It is capable of
|
||||||
distributing new encryption keys to the cluster, revoking old encryption keys,
|
distributing new encryption keys to the cluster, retiring old encryption keys,
|
||||||
and changing the key used by the cluster to encrypt messages.
|
and changing the keys used by the cluster to encrypt messages.
|
||||||
|
|
||||||
Because Consul utilizes multiple gossip pools, this command will only operate
|
Because Consul utilizes multiple gossip pools, this command will only operate
|
||||||
against a server node for most operations. The only operation which may be used
|
against a server node for most operations. All members in a Consul cluster,
|
||||||
on client machines is the `-init` argument for initial key configuration.
|
regardless of operational mode (client or server) or datacenter, will be
|
||||||
|
modified/queried each time this command is run. This helps maintain operational
|
||||||
|
simplicity by managing the multiple pools as a single unit.
|
||||||
|
|
||||||
Consul allows multiple encryption keys to be in use simultaneously. This is
|
Consul allows multiple encryption keys to be in use simultaneously. This is
|
||||||
intended to provide a transition state while the cluster converges. It is the
|
intended to provide a transition state while the cluster converges. It is the
|
||||||
@ -23,9 +25,9 @@ responsibility of the operator to ensure that only the required encryption keys
|
|||||||
are installed on the cluster. You can ensure that a key is not installed using
|
are installed on the cluster. You can ensure that a key is not installed using
|
||||||
the `-list` and `-remove` options.
|
the `-list` and `-remove` options.
|
||||||
|
|
||||||
All variations of the keys command will return 0 if all nodes reply and there
|
All variations of the `keyring` command, unless otherwise specified below, will
|
||||||
are no errors. If any node fails to reply or reports failure, the exit code will
|
return 0 if all nodes reply and there are no errors. If any node fails to reply
|
||||||
be 1.
|
or reports failure, the exit code will be 1.
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
@ -44,6 +46,9 @@ The list of available flags are:
|
|||||||
This operation can be run on both client and server nodes and requires no
|
This operation can be run on both client and server nodes and requires no
|
||||||
network connectivity.
|
network connectivity.
|
||||||
|
|
||||||
|
Returns 0 if the key is successfully configured, or 1 if there were any
|
||||||
|
problems.
|
||||||
|
|
||||||
* `-install` - Install a new encryption key. This will broadcast the new key to
|
* `-install` - Install a new encryption key. This will broadcast the new key to
|
||||||
all members in the cluster.
|
all members in the cluster.
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user