otdfctl encrypt
encrypt [file] - Encrypt file or stdin as a TDF
Synopsis
otdfctl encrypt [flags]
Description
Build a Trusted Data Format (TDF) with encrypted content from a specified file or input from stdin utilizing OpenTDF platform.
Examples:
# output to stdout
echo "some text" | otdfctl encrypt
otdfctl encrypt hello.txt
# pipe stdout to a bucket
echo "my secret" | otdfctl encrypt | aws s3 cp - s3://my-bucket/secret.txt.tdf
# output hello.txt.tdf in root directory
echo "hello world" | otdfctl encrypt -o hello.txt
cat hello.txt | otdfctl encrypt -o hello.txt
cat hello.txt | otdfctl encrypt -o hello.txt.tdf #.tdf extension is only added once
Options
-o
,--out <out>
- The output file TDF in the current working directory instead of stdout ('-o file.txt' and '-o file.txt.tdf' both write the TDF as file.txt.tdf). (required:
false
)
-a
,--attr <attr>
- Attribute value Fully Qualified Names (FQNs, i.e. 'https://example.com/attr/attr1/value/value1') to apply to the encrypted data. (required:
false
)
-
--mime-type <mime-type>
- The MIME type of the input data. If not provided, the MIME type is inferred from the input data. (required:
false
)
-t
,--tdf-type <tdf-type>
- The type of tdf to encrypt as. TDF3 supports structured manifests and larger payloads. Nano has a smaller footprint and more performant, but does not support structured manifests or large payloads. (required:
false
) (default:tdf3
)
-
--ecdsa-binding <ecdsa-binding>
- For nano type containers only, enables ECDSA policy binding (required:
false
)
-
--kas-url-path <kas-url-path>
- URL path to the KAS service at the platform endpoint domain. Leading slash is required if needed. (required:
false
) (default:/kas
)