dsetool createsystemkey

Synopsis

dsetool createsystemkey
[<cipher_algorithm>[/<mode>/<padding>]
[<length>] [<key_name>]
[-d <filepath>] [-k=<kmip_groupname>
[-t <kmip_template>] [-n <namespace>]]

Syntax legend

Syntax conventions Description

Syntax conventions	Description
Italic, bold, or `< >`	Syntax diagrams and code samples use one or more of these styles to mark placeholders for variable values. Replace placeholders with a valid option or your own user-defined value. In CQL statements, angle brackets are required to enclose data types in a set, list, map, or tuple. Separate the data types with a comma. For example: `<datatype2` In Search CQL statements, angle brackets are used to identify the entity and literal value to overwrite the XML element in the schema and `solrconfig` files, such as `@<xml_entity>='<xml_entity_type>'`.
`[ ]`	Square brackets surround optional command arguments. Do not type the square brackets.
`( )`	Parentheses identify a group to choose from. Do not type the parentheses.
`\|`	A pipe separates alternative elements. Type any one of the elements. Do not type the pipe.
`...`	Indicates that you can repeat the syntax element as often as required.
`'`	Single quotation marks must surround literal strings in CQL statements. Use single quotation marks to preserve upper case. + For Search CQL only: Single quotation marks surround an entire XML schema declaration, such as `'<<schema> ... </schema>>'`
`{ }`	Map collection. Curly braces enclose maps (`{ <key_datatype>:<value_datatype> }`) or key value pairs (`{ <key>:<value> }`). A colon separates the key and the value.
`;`	Ends a CQL statement.
`--`	Separate command line options from command arguments with two hyphens. This syntax is useful when arguments might be mistaken for command line options.

Italic, bold, or < >

Syntax diagrams and code samples use one or more of these styles to mark placeholders for variable values. Replace placeholders with a valid option or your own user-defined value.

In CQL statements, angle brackets are required to enclose data types in a set, list, map, or tuple. Separate the data types with a comma. For example: <datatype2

In Search CQL statements, angle brackets are used to identify the entity and literal value to overwrite the XML element in the schema and solrconfig files, such as @<xml_entity>='<xml_entity_type>'.

[ ]

Square brackets surround optional command arguments. Do not type the square brackets.

( )

Parentheses identify a group to choose from. Do not type the parentheses.

|

A pipe separates alternative elements. Type any one of the elements. Do not type the pipe.

...

Indicates that you can repeat the syntax element as often as required.

'

Single quotation marks must surround literal strings in CQL statements. Use single quotation marks to preserve upper case. + For Search CQL only: Single quotation marks surround an entire XML schema declaration, such as '<<schema> ... </schema>>'

{ }

Map collection. Curly braces enclose maps ({ <key_datatype>:<value_datatype> }) or key value pairs ({ <key>:<value> }). A colon separates the key and the value.

;

Ends a CQL statement.

--

Separate command line options from command arguments with two hyphens. This syntax is useful when arguments might be mistaken for command line options.

cipher_algorithm[/mode/padding]

DSE supports the following JCE cipher algorithms and corresponding length:

AES/CBC/PKCS5Padding: Valid with length 128, 192, or 256. The default is AES/CBC/PKCS5Padding with length 128.
AES/ECB/PKCS5Padding: Valid with length 128, 192, or 256.
DES/CBC/PKCS5Padding: Valid with length 56.
DESede/CBC/PKCS5Padding: Valid with length 112 or 168.
Blowfish/CBC/PKCS5Padding: Valid with length 32-448.
RC2/CBC/PKCS5Padding: Valid with length 40-128.

-d filepath, --directory filepath: Key file output directory. Enables creating key files before DSE is installed. This option is typically used by IT automation tools like Ansible. When no directory is specified, keys are saved to the value of system_key_directory in dse.yaml.

length: Required if cipher_algorithm is specified. Key length is not required for HMAC algorithms. Default value: 128 (with the default cipher algorithm AES/CBC/PKCS5Padding)

key_name: Unique file name for the generated system key file. Encryption key files can have any valid Unix name. When no name is specified, the default file name is system_key. The default key file name is not configurable.
-k=kmip_groupname: The name of the KMIP group that is defined in the kmip_hosts section of dse.yaml.

-t kmip_template: The key template on the specified KMIP provider.

-n namespace: Namespace on the specified KMIP provider.

Examples

Create a local key file where system_key2 is the unique file name for the generated key file:

dsetool createsystemkey 'AES/ECB/PKCS5Padding' 128 system_key2

Create an off-server key file where group2 is the key server group defined in the kmip_hosts section of dse.yaml:

dsetool createsystemkey 'AES/ECB/PKCS5Padding' 128 system_key2 -kmip=group2

Create a local key file in a specific directory:

dsetool createsystemkey 'AES/ECB/PKCS5Padding' 128 -d /mydir

See Setting up local encryption keys.

dsetool createsystemkey

Synopsis

Examples

Was this helpful?

Give Feedback