otdfctl policy kas-registry update
update - Update a Key Access Server registration
Synopsis
otdfctl policy kas-registry update [flags]
Description
Update the uri
, metadata
, or key material (remote/cached) for a KAS registered to the platform.
If resource data has been TDFd utilizing key splits from the registered KAS, deletion from the registry (and therefore any associated grants) may prevent decryption depending on the type of grants and relevant key splits.
Make sure you know what you are doing.
For more information about registration of Key Access Servers, see the manual for kas-registry
.
Options
-i
,--id <id>
- ID of the Key Access Server registration (required:
true
)
-u
,--uri <uri>
- URI of the Key Access Server (required:
false
)
-c
,--public-keys <public-keys>
- One or more 'cached' public keys saved for the KAS (required:
false
)
-r
,--public-key-remote <public-key-remote>
- URI of the 'remote' public key of the Key Access Server (required:
false
)
-n
,--name <name>
- Optional name of the registered KAS (must be unique within policy) (required:
false
)
-l
,--label <label>
- Optional metadata 'labels' in the format: key=value (required:
false
)
-
--force-replace-labels <force-replace-labels>
- Destructively replace entire set of existing metadata 'labels' with any provided to this command (required:
false
)
Aliases
u