Shared content for all gcloud - named secrets
Use the following CLI command to create a new secret in Google Cloud KMS and provide it an identifier/name:
pxctl secrets gcloud create-secret --secret_id mysecret --passphrase mysecretpassphrase
The above command will create a new key-value pair mysecret=mysecretpassphrase
. Portworx will use Google Cloud KMS to encrypt the passphrase mysecretpassphrase
and store it in its internal metadata store. To use this passphrase for encrypting volumes provide only the secret ID mysecret
to Portworx while creating/attaching the volume.
To list all the named secrets use the following command:
pxctl secrets gcloud list-secrets