Last active December 1, 2020 19:12
Using OpenStack Barbican to store an RSA public key with a KMIP / SafeNet backend
```bash
# Create an RSA 2048-bit private key (PEM format)
openssl genrsa -out my-secret.pem 2048
# Extract the RSA public key
openssl rsa -in my-secret.pem -out my-secret.pem.pub -pubout
# Store the RSA public key in Barbican
# This was tested against a SafeNet AT KeySecure G460 HSM (via KMIP)
openstack secret store \
  --algorithm rsa \
  --secret-type public \
  --payload-content-type application/octet-stream \
  --payload-content-encoding base64 \
  --payload "$(base64 < my-secret.pem.pub)" \
  --bit-length 2048 \
  --name pubtest
# Then to retrieve the RSA public key...
# (replace <Secret href> with the "Secret href" value printed by the store command)
openstack secret get -p -c Payload -f value "<Secret href>"
```
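The `--algorithm` and `--bit-length` values in the store command above are typed in by the caller, so it is worth confirming they match the key file before storing it, and confirming after `secret get` that the payload is still the same key. The following is an added example, not part of the original gist: the function names are hypothetical, and the sample key is constructed in code (structurally valid, not a usable key) so the check runs offline.

```python
import base64, hashlib, re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption (1.2.840.113549.1.1.1)

def _tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def inspect_public_key(pem):
    """Return (modulus bits, SHA-256 hex of the DER) for an RSA 'PUBLIC KEY' PEM."""
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.+?)-----END PUBLIC KEY-----", pem, re.S)
    if not m:
        raise ValueError("no PUBLIC KEY block found (is this the private key file?)")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    _, spki, _ = _tlv(der)                 # SubjectPublicKeyInfo SEQUENCE
    _, alg_id, pos = _tlv(spki)            # AlgorithmIdentifier SEQUENCE
    if _tlv(alg_id)[1] != RSA_OID:
        raise ValueError("key algorithm is not RSA")
    _, bit_string, _ = _tlv(spki, pos)
    _, rsa_key, _ = _tlv(bit_string[1:])   # skip the unused-bits octet
    _, modulus, _ = _tlv(rsa_key)
    return int.from_bytes(modulus, "big").bit_length(), hashlib.sha256(der).hexdigest()

def check_before_store(pem, declared_bits=2048):
    """Fail if the key does not match the declared --bit-length; return its fingerprint."""
    bits, fingerprint = inspect_public_key(pem)
    if bits != declared_bits:
        raise ValueError(f"key is {bits} bits but --bit-length is {declared_bits}")
    return fingerprint

def _der(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def constructed_pem(bits):
    """Constructed sample input: well-formed SPKI with a made-up modulus."""
    mod = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa = _der(0x30, _der(0x02, mod) + _der(0x02, b"\x01\x00\x01"))
    spki = _der(0x30, _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b"")) + _der(0x03, b"\x00" + rsa))
    return "-----BEGIN PUBLIC KEY-----\n" + base64.encodebytes(spki).decode() + "-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    print(check_before_store(constructed_pem(2048)))
```

Run `check_before_store` on the contents of `my-secret.pem.pub` before storing, then compare its fingerprint with the one `inspect_public_key` returns for the payload printed by `openstack secret get`.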