Version: 3.1

Shared content for all AWS-KMS secret docs - named secrets

Use the following CLI command to generate AWS KMS Data Keys. Portworx associates each KMS Data Key with a unique name provided through the --secret_id argument.

To generate a new KMS Data Key, run the following command:

pxctl secrets aws generate-kms-data-key --secret_id mysecret

The above command generates an AWS KMS Data Key and associates it with the name mysecret. To use this Data Key for encrypting volumes, provide only the secret ID mysecret to Portworx when creating or attaching the volume.

Important: Do not run the above command with a secret_id that your volumes are already using.

To list all the named secrets, use the following command:

pxctl secrets aws list-secrets