A tool for safely archiving knot dnssec key material to azure.
Project description
knot-keystore
A tool to safely backup the knot kasp-db directory.
overview
usage: knot-keystore [-h] [--socket SOCKET]
[--plugins [{local,azure} [{local,azure} ...]]]
[--retrieve] [--config-file CONFIG_FILE] [-v]
optional arguments:
-h, --help show this help message and exit
--socket SOCKET, -s SOCKET
path to knotc control socket
--plugins [{local,azure} [{local,azure} ...]], -p [{local,azure} [{local,azure} ...]]
select archival plugins
--retrieve, -r retrieve archive
--config-file CONFIG_FILE, -c CONFIG_FILE
path to a configuration file
-v increase output verbosity
- tries to find the kasp-db path by reading
knotd
config over the control socket. - plugins:
- create an xz-compressed archive and put it somewhere, safely encrypted (default)
- retrieve and decrypt the stored archive, ready to restore to the kasp-db
directory (with
--retrieve
)
available plugins
local
: create an encrypted copy of the archive and write it to disk along with the encryption key. Mostly useful for testing.azure
: write the archive to an Azure storage blob, first encrypting it using "client-side-encryption" with a KEK stored in Azure Key Vault.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
knot_keystore-0.1.0.tar.gz
(9.2 kB
view hashes)
Built Distribution
Close
Hashes for knot_keystore-0.1.0-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 15b1d6131ead4b8968f9ea85ad7ec0e3294cf398196abb344349022001d2170c |
|
MD5 | d7dda39965ba8c061aad94f69330fa15 |
|
BLAKE2b-256 | 9c9fc89c4430d29d1fe1b44cb80fde0ca82a669af0dcd809f8a83654387811c0 |