1OC ADM CA(1)                       June 2016                      OC ADM CA(1)
2
3
4

NAME

6       oc adm ca decrypt - Decrypt data encrypted with "oc adm ca encrypt"
7
8
9

SYNOPSIS

11       oc adm ca decrypt [OPTIONS]
12
13
14

DESCRIPTION

16       Decrypt data encrypted with "oc adm ca encrypt"
17
18
19

OPTIONS

21       --in=""
22           File containing encrypted data, in the format written by "oc adm ca
23       encrypt".
24
25
26       --key=""
27           The file to read the decrypting key from. Must be a PEM file in the
28       format written by "oc adm ca encrypt".
29
30
31       --out=""
32           File to write the decrypted data to. Written to stdout if omitted.
33
34
35

OPTIONS INHERITED FROM PARENT COMMANDS

37       --allow_verification_with_non_compliant_keys=false
38           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
39       non-compliant with RFC6962.
40
41
42       --alsologtostderr=false
43           log to standard error as well as files
44
45
46       --application_metrics_count_limit=100
47           Max number of application metrics to store (per container)
48
49
50       --as=""
51           Username to impersonate for the operation
52
53
54       --as-group=[]
55           Group to impersonate for the operation, this flag can  be  repeated
56       to specify multiple groups.
57
58
59       --azure-container-registry-config=""
60           Path  to the file containing Azure container registry configuration
61       information.
62
63
64       --boot_id_file="/proc/sys/kernel/random/boot_id"
65           Comma-separated list of files to check for boot-id. Use  the  first
66       one that exists.
67
68
69       --cache-dir="/builddir/.kube/http-cache"
70           Default HTTP cache directory
71
72
73       --certificate-authority=""
74           Path to a cert file for the certificate authority
75
76
77       --client-certificate=""
78           Path to a client certificate file for TLS
79
80
81       --client-key=""
82           Path to a client key file for TLS
83
84
85       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
86           CIDRs opened in GCE firewall for LB traffic proxy  health checks
87
88
89       --cluster=""
90           The name of the kubeconfig cluster to use
91
92
93       --container_hints="/etc/cadvisor/container_hints.json"
94           location of the container hints file
95
96
97       --containerd="unix:///var/run/containerd.sock"
98           containerd endpoint
99
100
101       --context=""
102           The name of the kubeconfig context to use
103
104
105       --default-not-ready-toleration-seconds=300
106           Indicates   the   tolerationSeconds   of   the    toleration    for
107       notReady:NoExecute  that is added by default to every pod that does not
108       already have such a toleration.
109
110
111       --default-unreachable-toleration-seconds=300
112           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
113       able:NoExecute  that  is  added  by  default to every pod that does not
114       already have such a toleration.
115
116
117       --docker="unix:///var/run/docker.sock"
118           docker endpoint
119
120
121       --docker-tls=false
122           use TLS to connect to docker
123
124
125       --docker-tls-ca="ca.pem"
126           path to trusted CA
127
128
129       --docker-tls-cert="cert.pem"
130           path to client certificate
131
132
133       --docker-tls-key="key.pem"
134           path to private key
135
136
137       --docker_env_metadata_whitelist=""
138           a comma-separated list of environment variable keys that  needs  to
139       be collected for docker containers
140
141
142       --docker_only=false
143           Only report docker containers in addition to root stats
144
145
146       --docker_root="/var/lib/docker"
147           DEPRECATED:  docker  root is read from docker info (this is a fall‐
148       back, default: /var/lib/docker)
149
150
151       --enable_load_reader=false
152           Whether to enable cpu load reader
153
154
155       --event_storage_age_limit="default=24h"
156           Max length of time for which to store events (per type). Value is a
157       comma  separated  list  of  key  values, where the keys are event types
158       (e.g.: creation, oom) or "default" and the value is a duration. Default
159       is applied to all non-specified event types
160
161
162       --event_storage_event_limit="default=100000"
163           Max  number  of  events to store (per type). Value is a comma sepa‐
164       rated list of key values, where the keys are event  types  (e.g.:  cre‐
165       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
166       applied to all non-specified event types
167
168
169       --global_housekeeping_interval=0
170           Interval between global housekeepings
171
172
173       --housekeeping_interval=0
174           Interval between container housekeepings
175
176
177       --insecure-skip-tls-verify=false
178           If true, the server's certificate will not be checked for validity.
179       This will make your HTTPS connections insecure
180
181
182       --kubeconfig=""
183           Path to the kubeconfig file to use for CLI requests.
184
185
186       --log-flush-frequency=0
187           Maximum number of seconds between log flushes
188
189
190       --log_backtrace_at=:0
191           when logging hits line file:N, emit a stack trace
192
193
194       --log_cadvisor_usage=false
195           Whether to log the usage of the cAdvisor container
196
197
198       --log_dir=""
199           If non-empty, write log files in this directory
200
201
202       --logtostderr=true
203           log to standard error instead of files
204
205
206       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
207           Comma-separated  list  of  files  to  check for machine-id. Use the
208       first one that exists.
209
210
211       --match-server-version=false
212           Require server version to match client version
213
214
215       -n, --namespace=""
216           If present, the namespace scope for this CLI request
217
218
219       --request-timeout="0"
220           The length of time to wait before giving  up  on  a  single  server
221       request. Non-zero values should contain a corresponding time unit (e.g.
222       1s, 2m, 3h). A value of zero means don't timeout requests.
223
224
225       -s, --server=""
226           The address and port of the Kubernetes API server
227
228
229       --stderrthreshold=2
230           logs at or above this threshold go to stderr
231
232
233       --storage_driver_buffer_duration=0
234           Writes in the storage driver will be buffered  for  this  duration,
235       and committed to the non memory backends as a single transaction
236
237
238       --storage_driver_db="cadvisor"
239           database name
240
241
242       --storage_driver_host="localhost:8086"
243           database host:port
244
245
246       --storage_driver_password="root"
247           database password
248
249
250       --storage_driver_secure=false
251           use secure connection with database
252
253
254       --storage_driver_table="stats"
255           table name
256
257
258       --storage_driver_user="root"
259           database username
260
261
262       --token=""
263           Bearer token for authentication to the API server
264
265
266       --user=""
267           The name of the kubeconfig user to use
268
269
270       -v, --v=0
271           log level for V logs
272
273
274       --version=false
275           Print version information and quit
276
277
278       --vmodule=
279           comma-separated  list  of pattern=N settings for file-filtered log‐
280       ging
281
282
283

EXAMPLE

285                # Decrypt an encrypted file to a cleartext file:
286                oc adm ca decrypt --key=secret.key --in=secret.encrypted --out=secret.decrypted
287
288                # Decrypt from stdin to stdout:
289                oc adm ca decrypt --key=secret.key < secret2.encrypted > secret2.decrypted
290
291
292
293

SEE ALSO

295       oc-adm-ca(1),
296
297
298

HISTORY

300       June 2016, Ported from the Kubernetes man-doc generator
301
302
303
304Openshift                  Openshift CLI User Manuals             OC ADM CA(1)
Impressum