Skip to main content

otdfctl policy kas-registry update

update - Update a Key Access Server registration

Synopsis

otdfctl policy kas-registry update [flags]

Description

Update the uri, metadata, or key material (remote/cached) for a KAS registered to the platform.

If resource data has been TDFd utilizing key splits from the registered KAS, deletion from the registry (and therefore any associated grants) may prevent decryption depending on the type of grants and relevant key splits.

Make sure you know what you are doing.

For more information about registration of Key Access Servers, see the manual for kas-registry.

Options

-i, --id <id>
ID of the Key Access Server registration (required: true)
-u, --uri <uri>
URI of the Key Access Server (required: false)
-p, --public-keys <public-keys>
One or more public keys saved for the KAS (required: false)
-r, --public-key-remote <public-key-remote>
URI of the public key of the Key Access Server (required: false)
-l, --label <label>
Optional metadata 'labels' in the format: key=value (required: false)
--force-replace-labels <force-replace-labels>
Destructively replace entire set of existing metadata 'labels' with any provided to this command (required: false)

Aliases

u