NAME¶

pvsecret-create-retrievable - Create a retrievable secret

SYNOPSIS¶

pvsecret create retrievable [OPTIONS] --secret <SECRET-FILE> --type <TYPE> <NAME>
pvsecret create retr [OPTIONS] --secret <SECRET-FILE> --type <TYPE> <NAME>

DESCRIPTION¶

A retrievable secret is stored in the per-guest storage of the Ultravisor. A SE-guest can retrieve the secret at runtime and use it. All retrievable secrets, but the plaintext secret, are retrieved as wrapped/protected key objects and only usable inside the current, running SE-guest instance.

OPTIONS¶

<NAME>

String that identifies the new secret. The actual secret is set with --secret. The name is saved in `NAME.yaml` with white-spaces mapped to `_`.

--stdout

Print the hashed name to stdout. The hashed name is not written to `NAME.yaml`

--secret <SECRET-FILE>

Use SECRET-FILE as retrievable secret.

--type <TYPE>

Specify the secret type. Limitations to the input data apply depending on the secret type.

Possible values:

- plain: A plaintext secret. Can be any file up to 8190 bytes long.

- aes: An AES key. Must be a plain byte file 128, 192, or 256 bit long.

- aes-xts: An AES-XTS key. Must be a plain byte file 512, or 1024 bit long.

- hmac-sha: A HMAC-SHA key. Must be a plain byte file 512, or 1024 bit long.

- ec: An elliptic curve private key. Must be a PEM or DER file.

-h, --help

Print help (see a summary with -h).

Source file:	pvsecret-create-retrievable.1.en.gz (from s390-tools 2.37.0-2.2)
Source last updated:	2025-02-24T06:51:08Z
Converted to HTML:	2025-04-21T02:50:26Z

NAME¶

SYNOPSIS¶

DESCRIPTION¶

OPTIONS¶

SEE ALSO¶