1OC ADM CA(1)                       June 2016                      OC ADM CA(1)
2
3
4

NAME

6       oc adm ca encrypt - Encrypt data with AES-256-CBC encryption
7
8
9

SYNOPSIS

11       oc adm ca encrypt [OPTIONS]
12
13
14

DESCRIPTION

16       Encrypt data with AES-256-CBC encryption
17
18
19

OPTIONS

21       --genkey=""
22           File to write a randomly generated key to.
23
24
25       --in=""
26           File containing the data to encrypt. Read from stdin if omitted.
27
28
29       --key=""
30           File  containing  the  encrypting key from in the format written by
31       --genkey.
32
33
34       --out=""
35           File to write the encrypted data to. Written to stdout if omitted.
36
37
38

OPTIONS INHERITED FROM PARENT COMMANDS

40       --allow_verification_with_non_compliant_keys=false
41           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
42       non-compliant with RFC6962.
43
44
45       --alsologtostderr=false
46           log to standard error as well as files
47
48
49       --application_metrics_count_limit=100
50           Max number of application metrics to store (per container)
51
52
53       --as=""
54           Username to impersonate for the operation
55
56
57       --as-group=[]
58           Group  to  impersonate for the operation, this flag can be repeated
59       to specify multiple groups.
60
61
62       --azure-container-registry-config=""
63           Path to the file containing Azure container registry  configuration
64       information.
65
66
67       --boot_id_file="/proc/sys/kernel/random/boot_id"
68           Comma-separated  list  of files to check for boot-id. Use the first
69       one that exists.
70
71
72       --cache-dir="/builddir/.kube/http-cache"
73           Default HTTP cache directory
74
75
76       --certificate-authority=""
77           Path to a cert file for the certificate authority
78
79
80       --client-certificate=""
81           Path to a client certificate file for TLS
82
83
84       --client-key=""
85           Path to a client key file for TLS
86
87
88       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
89           CIDRs opened in GCE firewall for LB traffic proxy  health checks
90
91
92       --cluster=""
93           The name of the kubeconfig cluster to use
94
95
96       --container_hints="/etc/cadvisor/container_hints.json"
97           location of the container hints file
98
99
100       --containerd="unix:///var/run/containerd.sock"
101           containerd endpoint
102
103
104       --context=""
105           The name of the kubeconfig context to use
106
107
108       --default-not-ready-toleration-seconds=300
109           Indicates    the    tolerationSeconds   of   the   toleration   for
110       notReady:NoExecute that is added by default to every pod that does  not
111       already have such a toleration.
112
113
114       --default-unreachable-toleration-seconds=300
115           Indicates  the  tolerationSeconds  of  the  toleration for unreach‐
116       able:NoExecute that is added by default to  every  pod  that  does  not
117       already have such a toleration.
118
119
120       --docker="unix:///var/run/docker.sock"
121           docker endpoint
122
123
124       --docker-tls=false
125           use TLS to connect to docker
126
127
128       --docker-tls-ca="ca.pem"
129           path to trusted CA
130
131
132       --docker-tls-cert="cert.pem"
133           path to client certificate
134
135
136       --docker-tls-key="key.pem"
137           path to private key
138
139
140       --docker_env_metadata_whitelist=""
141           a  comma-separated  list of environment variable keys that needs to
142       be collected for docker containers
143
144
145       --docker_only=false
146           Only report docker containers in addition to root stats
147
148
149       --docker_root="/var/lib/docker"
150           DEPRECATED: docker root is read from docker info (this is  a  fall‐
151       back, default: /var/lib/docker)
152
153
154       --enable_load_reader=false
155           Whether to enable cpu load reader
156
157
158       --event_storage_age_limit="default=24h"
159           Max length of time for which to store events (per type). Value is a
160       comma separated list of key values, where  the  keys  are  event  types
161       (e.g.: creation, oom) or "default" and the value is a duration. Default
162       is applied to all non-specified event types
163
164
165       --event_storage_event_limit="default=100000"
166           Max number of events to store (per type). Value is  a  comma  sepa‐
167       rated  list  of  key values, where the keys are event types (e.g.: cre‐
168       ation, oom) or "default" and  the  value  is  an  integer.  Default  is
169       applied to all non-specified event types
170
171
172       --global_housekeeping_interval=0
173           Interval between global housekeepings
174
175
176       --housekeeping_interval=0
177           Interval between container housekeepings
178
179
180       --insecure-skip-tls-verify=false
181           If true, the server's certificate will not be checked for validity.
182       This will make your HTTPS connections insecure
183
184
185       --kubeconfig=""
186           Path to the kubeconfig file to use for CLI requests.
187
188
189       --log-flush-frequency=0
190           Maximum number of seconds between log flushes
191
192
193       --log_backtrace_at=:0
194           when logging hits line file:N, emit a stack trace
195
196
197       --log_cadvisor_usage=false
198           Whether to log the usage of the cAdvisor container
199
200
201       --log_dir=""
202           If non-empty, write log files in this directory
203
204
205       --logtostderr=true
206           log to standard error instead of files
207
208
209       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
210           Comma-separated list of files to  check  for  machine-id.  Use  the
211       first one that exists.
212
213
214       --match-server-version=false
215           Require server version to match client version
216
217
218       -n, --namespace=""
219           If present, the namespace scope for this CLI request
220
221
222       --request-timeout="0"
223           The  length  of  time  to  wait before giving up on a single server
224       request. Non-zero values should contain a corresponding time unit (e.g.
225       1s, 2m, 3h). A value of zero means don't timeout requests.
226
227
228       -s, --server=""
229           The address and port of the Kubernetes API server
230
231
232       --stderrthreshold=2
233           logs at or above this threshold go to stderr
234
235
236       --storage_driver_buffer_duration=0
237           Writes  in  the  storage driver will be buffered for this duration,
238       and committed to the non memory backends as a single transaction
239
240
241       --storage_driver_db="cadvisor"
242           database name
243
244
245       --storage_driver_host="localhost:8086"
246           database host:port
247
248
249       --storage_driver_password="root"
250           database password
251
252
253       --storage_driver_secure=false
254           use secure connection with database
255
256
257       --storage_driver_table="stats"
258           table name
259
260
261       --storage_driver_user="root"
262           database username
263
264
265       --token=""
266           Bearer token for authentication to the API server
267
268
269       --user=""
270           The name of the kubeconfig user to use
271
272
273       -v, --v=0
274           log level for V logs
275
276
277       --version=false
278           Print version information and quit
279
280
281       --vmodule=
282           comma-separated list of pattern=N settings for  file-filtered  log‐
283       ging
284
285
286

EXAMPLE

288                # Encrypt the content of secret.txt with a generated key:
289                oc adm ca encrypt --genkey=secret.key --in=secret.txt --out=secret.encrypted
290
291                # Encrypt the content of secret2.txt with an existing key:
292                oc adm ca encrypt --key=secret.key < secret2.txt > secret2.encrypted
293
294
295
296

SEE ALSO

298       oc-adm-ca(1),
299
300
301

HISTORY

303       June 2016, Ported from the Kubernetes man-doc generator
304
305
306
307Openshift                  Openshift CLI User Manuals             OC ADM CA(1)
Impressum