How do I manage public/private key pairs?
Commands
Use the following commands as needed to retrieve information and manage custom key information.
Keys owned by Nokia cannot be managed.
Viewing and saving key details
To list the public keys:
# kubectl get secrets -A | grep -i -e 'NAMESPACE' -e 'public-key' ↵
The output displays the namespace and the value of the name parameter in the secret file.
To retrieve details of a public key:
# kubectl -n namespace get secrets name -o yaml ↵
where namespace and name are the namespace and the name of the public key, as displayed by the list command.
To load the YAML file into the Kubernetes system:
# kubectl -n namespace apply -f filename.yaml ↵
If a public key contains an invalid author name, such as Nokia, the metadata includes the following line:
cam.additionalInfo: value of author is not valid
If this line is present, a signature that uses this key is not valid.
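The following is an added example, not Nokia's code: it combines the list and retrieve commands above to flag every public key whose metadata carries the invalid-author line. It assumes kubectl is on the PATH with access to the cluster; the function names and the match pattern are illustrative.

```shell
#!/bin/sh
# Added example: audit public-key secrets for the invalid-author line.
# Assumption: the line appears in the secret's YAML as worded on this page;
# the pattern tolerates quoting around the value.
MARKER='cam\.additionalInfo:.*value of author is not valid'

# Print "namespace name" for every secret whose listing line mentions public-key.
list_public_keys() {
    kubectl get secrets -A | awk 'NR > 1 && tolower($0) ~ /public-key/ {print $1, $2}'
}

# Print INVALID, OK or ERROR for one key. $1 = namespace, $2 = name.
key_status() {
    if ! yaml=$(kubectl -n "$1" get secrets "$2" -o yaml 2>/dev/null); then
        echo ERROR      # secret could not be read; do not report it as clean
    elif printf '%s\n' "$yaml" | grep -Eq "$MARKER"; then
        echo INVALID    # signatures made with this key are not valid
    else
        echo OK
    fi
}

# Print one "<status> <namespace>/<name>" line per key.
# Returns 1 if any key is INVALID or could not be read, else 0.
audit_public_keys() {
    rc=0
    keys=$(list_public_keys)
    while read -r ns name; do
        [ -n "$ns" ] || continue
        status=$(key_status "$ns" "$name")
        echo "$status $ns/$name"
        [ "$status" = OK ] || rc=1
    done <<EOF
$keys
EOF
    return "$rc"
}
```

Source the file and call audit_public_keys; a non-zero return means at least one key needs attention before bundles signed with it are trusted.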
Revoking a key
Only one public key can be in use per author. If a private key has been compromised and a new key pair is required, the old key must be revoked before the new key can be created and installed.
To revoke a key:
# kubectl -n namespace delete secrets name ↵
where namespace and name are the namespace and the name of the public key, as displayed by the list command.
If a key has been revoked and replaced, all artifact bundles that were signed with the old key must be signed again. Artifact bundles that are already installed are not affected.