mirror of
https://github.com/coder/coder.git
synced 2026-06-03 04:58:23 +00:00
Cian Johnston
7d7c84bb4d
See also: https://github.com/coder/coder/pull/9522 - Adds commands `server dbcrypt {rotate,decrypt,delete}` to re-encrypt, decrypt, or delete encrypted data, respectively. - Plumbs through dbcrypt in enterprise/coderd (including unit tests). - Adds documentation in admin/encryption.md. This enables dbcrypt by default, but the feature is soft-enforced on supplying external token encryption keys. Without specifying any keys, encryption/decryption is a no-op.
646 B
646 B
Usage: coder server dbcrypt rotate [flags]
Rotate database encryption keys.
Options
--new-key string, $CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_NEW_KEY
The new external token encryption key. Must be base64-encoded.
--old-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_OLD_KEYS
The old external token encryption keys. Must be a comma-separated list
of base64-encoded keys.
--postgres-url string, $CODER_PG_CONNECTION_URL
The connection URL for the Postgres database.
-y, --yes bool
Bypass prompts.
---
Run `coder --help` for a list of global options.
Rotate database encryption keys.
Options
--new-key string, $CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_NEW_KEY
The new external token encryption key. Must be base64-encoded.
--old-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_OLD_KEYS
The old external token encryption keys. Must be a comma-separated list
of base64-encoded keys.
--postgres-url string, $CODER_PG_CONNECTION_URL
The connection URL for the Postgres database.
-y, --yes bool
Bypass prompts.
---
Run `coder --help` for a list of global options.