diff --git a/command/agent/command.go b/command/agent/command.go index 2a580eaf79..afc5ae327f 100644 --- a/command/agent/command.go +++ b/command/agent/command.go @@ -62,6 +62,7 @@ func (c *Command) readConfig() *Config { cmdFlags.StringVar(&cmdConfig.DataDir, "data-dir", "", "path to the data directory") cmdFlags.StringVar(&cmdConfig.UiDir, "ui-dir", "", "path to the web UI directory") cmdFlags.StringVar(&cmdConfig.PidFile, "pid-file", "", "path to file to store PID") + cmdFlags.StringVar(&cmdConfig.EncryptKey, "encrypt", "", "gossip encryption key") cmdFlags.BoolVar(&cmdConfig.Server, "server", false, "run agent as server") cmdFlags.BoolVar(&cmdConfig.Bootstrap, "bootstrap", false, "enable server bootstrap mode") @@ -609,6 +610,7 @@ Options: order. -data-dir=path Path to a data directory to store agent state -dc=east-aws Datacenter of the agent + -encrypt=key Provides the gossip encryption key -join=1.2.3.4 Address of an agent to join at start time. Can be specified multiple times. -log-level=info Log level of the agent. diff --git a/website/source/docs/agent/options.html.markdown b/website/source/docs/agent/options.html.markdown index bb575a1004..0a7540d427 100644 --- a/website/source/docs/agent/options.html.markdown +++ b/website/source/docs/agent/options.html.markdown @@ -81,6 +81,11 @@ The options below are all specified on the command-line. it relies on proper configuration. Nodes in the same datacenter should be on a single LAN. +* `-encrypt` - Specifies the secret key to use for encryption of Consul + network traffic. This key must be 16-bytes that are base64 encoded. The + easiest way to create an encryption key is to use `consul keygen`. All + nodes within a cluster must share the same encryption key to communicate. + * `-join` - Address of another agent to join upon starting up. This can be specified multiple times to specify multiple agents to join. If Consul is unable to join with any of the specified addresses, agent startup will @@ -234,10 +239,7 @@ definitions support being updated during a reload. * `enable_debug` - When set, enables some additional debugging features. Currently, only used to set the runtime profiling HTTP endpoints. -* `encrypt` - Specifies the secret key to use for encryption of Consul - network traffic. This key must be 16-bytes that are base64 encoded. The - easiest way to create an encryption key is to use `consul keygen`. All - nodes within a cluster must share the same encryption key to communicate. +* `encrypt` - Equivalent to the `-encrypt` command-line flag. * `key_file` - This provides a the file path to a PEM encoded private key. The key is used with the certificate to verify the agents authenticity.