How do I manage public/private key pairs?

Commands

Use the following commands as needed to retrieve information and manage custom key information.

Keys owned by Nokia cannot be managed.

Viewing and saving key details

  • To list existing public keys:

    kubectl get secrets -A | grep -i -e 'NAMESPACE' -e 'public-key' ↵

    The output displays the namespace and the value of the name parameter in the secret file.

  • To retrieve details of a public key:

    kubectl -n namespace get secrets name -o yaml ↵

    where namespace and name are the namespace and the name of the public key, as displayed by the list command.

  • To load the YAML file into the Kubernetes system:

    kubectl -n namespace apply -f filename.yaml ↵

If a public key contains an invalid author name such as Nokia, the metadata includes the following line: cam.additionalInfo: value of author is not valid. If this line is present, a signature using this key is not valid.
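The list, retrieve and validity checks above can be combined into one audit. This is an added example, not part of the original documentation: the function names are hypothetical, the sample secret and list output are constructed, and it assumes the cam.additionalInfo line appears verbatim in the -o yaml output.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample data is constructed.

# Exit 0 if the secret YAML on stdin carries the invalid-author marker.
# Whitespace and quoting are matched loosely: the exact rendering is assumed.
has_invalid_author() {
    grep -Eq "cam\.additionalInfo:[[:space:]]*[\"']?value of author is not valid"
}

# Turn `kubectl get secrets -A` output (stdin) into "namespace name" pairs
# for public-key secrets, dropping the header row.
list_public_keys() {
    awk 'NR > 1 && tolower($0) ~ /public-key/ { print $1, $2 }'
}

# Audit every public key; needs kubectl and cluster access.
# Returns 1 if any key is flagged.
audit_public_keys() {
    rc=0
    for pair in $(kubectl get secrets -A | list_public_keys | tr ' ' '/'); do
        ns=${pair%%/*}; name=${pair#*/}
        if kubectl -n "$ns" get secrets "$name" -o yaml | has_invalid_author; then
            echo "INVALID $pair (signatures made with this key are not valid)"; rc=1
        else
            echo "ok      $pair"
        fi
    done
    return $rc
}

# Constructed sample secret; placing the line under annotations is an assumption.
SAMPLE_INVALID='apiVersion: v1
kind: Secret
metadata:
  name: example-public-key
  namespace: example-ns
  annotations:
    cam.additionalInfo: value of author is not valid
type: Opaque'

# Constructed sample of the list output.
SAMPLE_LIST='NAMESPACE     NAME                 TYPE     DATA   AGE
example-ns    example-public-key   Opaque   1      3d
kube-system   some-token           Opaque   3      9d'

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_INVALID" | has_invalid_author && echo "sample key flagged"
```

Run audit_public_keys on a host with cluster access; a non-zero return means at least one key carries the invalid-author marker.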

Revoking a key

Only one public key can be in use per author. If a private key has been compromised and a new key pair is required, the old key must be revoked before the new key can be created and installed.

To revoke a key:

kubectl -n namespace delete secrets name ↵

where namespace and name are the namespace and the name of the public key, as displayed by the list command.

If a key has been revoked and replaced, all artifact bundles that were signed with the old key must be signed again. Artifact bundles that are already installed are not affected.