Skip to main content

A tool for safely archiving knot dnssec key material to azure.

Project description

PyPI Build Status codecov


A tool to safely backup the knot kasp-db directory.


usage: knot-keystore [-h] [--socket SOCKET]
                     [--plugins [{local,azure} [{local,azure} ...]]]
                     [--retrieve] [--config-file CONFIG_FILE] [-v]

optional arguments:
  -h, --help            show this help message and exit
  --socket SOCKET, -s SOCKET
                        path to knotc control socket
  --plugins [{local,azure} [{local,azure} ...]], -p [{local,azure} [{local,azure} ...]]
                        select archival plugins
  --retrieve, -r        retrieve archive
  --config-file CONFIG_FILE, -c CONFIG_FILE
                        path to a configuration file
  -v                    increase output verbosity
  • tries to find the kasp-db path by reading knotd config over the control socket.
  • plugins:
    • create an xz-compressed archive and put it somewhere, safely encrypted (default)
    • retrieve and decrypt the stored archive, ready to restore to the kasp-db directory (with --retrieve)

available plugins

  • local: create an encrypted copy of the archive and write it to disk along with the encryption key. Mostly useful for testing.
  • azure: write the archive to an Azure storage blob, first encrypting it using "client-side-encryption" with a KEK stored in Azure Key Vault.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

knot_keystore-0.1.0.tar.gz (9.2 kB view hashes)

Uploaded source

Built Distribution

knot_keystore-0.1.0-py2.py3-none-any.whl (14.4 kB view hashes)

Uploaded py2 py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page