How do I add an NSP Kubernetes secret?

Purpose

Perform this procedure to add a new Kubernetes secret to an NSP cluster, for example, when a new type of interface is added to the cluster.

Note: You must perform the procedure on each NSP cluster in a DR deployment.

Steps
 

Log in as the root or NSP admin user on the NSP deployer host.


Open a console window.


Enter the following:

cd /opt/nsp/NSP-CN-DEP-release-ID/bin ↵


Enter the following:

Note: The help option lists all command options:

./nspdeployerctl secret help

Note: The describe option lists all secrets and the contained parameters:

./nspdeployerctl secret describe

./nspdeployerctl secret -s newsecret -n namespace -v parameter=value create ↵

where

newsecret is the new secret name, which can include only:

  • lowercase alphanumeric characters

  • hyphen

  • period

namespace is the name of the restricted Kubernetes namespace

parameter is the name of the parameter to set in the secret

value is the parameter value to set

The newsecret secret is created, and the following message is displayed:

secret/newsecret created

The secret holds a private key and a public key.


Back up all Kubernetes secrets:

  1. Enter the following:

    ./nspdeployerctl secret -o backup_file backup ↵

    where backup_file is the full path and name of the backup file to create

    As the secrets are backed up, messages like the following are displayed for each Kubernetes namespace:

    Backing up secrets to /opt/backupfile...

      Including secret namespace:ca-key-pair-external

      Including secret namespace:ca-key-pair-internal

      Including secret namespace:nsp-tls-store-pass

    When the backup is complete, the following prompt is displayed:

    Please provide an encryption password for backup_file

    enter aes-256-ctr encryption password:

  2. Enter a password.

    The following prompt is displayed:

    Verifying - enter aes-256-ctr encryption password:

  3. Re-enter the password.

    The backup file is encrypted using the password.

  4. Record the password for use when restoring the backup.

  5. Record the name of the data center associated with the backup.

  6. Transfer the backup file to a secure location in a separate facility for safekeeping.


Close the console window.

End of steps
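
The shell functions below are an added example, not part of the NSP documentation or tooling. They check the secret name against the rule in the create step before running the create command, and record a SHA-256 digest of the encrypted backup so that the copy sent to the separate facility can be verified. The function names are hypothetical; the start/end-character and 253-character limits are the Kubernetes DNS subdomain naming rules, which the page does not state, and sha256sum is assumed to be installed on the deployer host.

```shell
#!/bin/sh
# Added example; function names and sample values are hypothetical, not NSP's.
LC_ALL=C; export LC_ALL   # make [a-z] mean ASCII lowercase only

# Names the procedure allows: lowercase alphanumerics, hyphen, period.
# Assumption beyond the page: Kubernetes DNS subdomain names must also start
# and end with an alphanumeric character and be at most 253 characters long.
valid_secret_name() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!a-z0-9.-]*) return 1 ;;          # character outside the allowed set
        [!a-z0-9]*|*[!a-z0-9]) return 1 ;;  # bad first or last character
    esac
    return 0
}

# Check the arguments, then run the create command exactly as the procedure
# gives it (run from the deployer bin directory). Returns 2 on bad input.
create_secret_checked() {
    valid_secret_name "$1" || { echo "invalid secret name: $1" >&2; return 2; }
    case $3 in
        [!=]*=*) ;;                          # parameter=value, non-empty name
        *) echo "expected parameter=value" >&2; return 2 ;;
    esac
    ./nspdeployerctl secret -s "$1" -n "$2" -v "$3" create
}

# After the backup: owner-only permissions plus a SHA-256 digest file.
# CTR mode alone does not authenticate ciphertext, so the digest is what
# reveals a damaged copy; keep a second copy of it apart from the backup.
seal_backup() {
    backup=$1
    [ -s "$backup" ] || { echo "missing or empty: $backup" >&2; return 1; }
    chmod 600 "$backup" || return 1
    ( cd "$(dirname "$backup")" &&
      sha256sum "$(basename "$backup")" > "$(basename "$backup").sha256" )
}

# At the destination or before a restore: non-zero if the file has changed.
verify_backup() {
    backup=$1
    ( cd "$(dirname "$backup")" &&
      sha256sum -c "$(basename "$backup").sha256" ) >/dev/null 2>&1
}
```

Call seal_backup on the deployer host after the password prompts complete, and verify_backup at the destination once the backup file and its .sha256 file have been transferred.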