Introduction to the Crypttool¶
The goal is to provide a tool that can be used by operators to encrypt and decrypt secrets in their PAAS files using public keys provided by the operator.
The tool can also be used to decrypt secrets in PAAS files using the old public keys provided by the operator and then re-encrypt them with a new key.
This can be used by operators who have a new key and are ready to replace the old keys, for example as part of a migration process or as part of a regular key rotation process.
This documentation site is arranged into a generic section called overview and a developer section.
If you have any questions or feel that certain parts of the documentation can be improved or expanded, feel free to create a PR (Pull Request).
For full contribution guidelines, see the CONTRIBUTING.md
file in the root of
the repository, the About >> Contributing section and/or the
Development Guide.
Basic usage¶
Re-encrypting secrets with a new key¶
The most common use case is to re-encrypt secrets in PAAS files using a new key:
crypttool reencrypt --privateKeyFiles "/tmp/priv" --publicKeyFile "/tmp/pub" [file or dir] ([file or dir]...)
Creating a new key pair¶
You can create a new key pair with the keygen
command. This will generate a new
key pair and save it to a file.
crypttool generate --publicKeyFile "/tmp/pub" --privateKeyFile "/tmp/priv"
Encrypting secrets in PAAS files¶
The encrypt
command can be used to encrypt secrets in PAAS files. This will
create a new encrypted version of the file, using the key pair specified with the
--publicKeyFile
flag.
crypttool encrypt --publicKeyFile "/tmp/pub" --dataFile "/tmp/decrypted" --paas my-paas
Decrypting secrets in PAAS files¶
The decrypt
command can be used to decrypt secrets in PAAS files. This will
create a new decrypted version of the file, using the key pair specified with the
--publicKeyFile
flag.
crypttool decrypt --privateKeyFiles "/tmp/priv" --paas my-paas