jgaunt/truenas-kmip-unlocker
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fixed typos and updated debug command

Browse Source
This commit is contained in:
jgaunt
2020-09-23 21:31:47 -04:00
parent 22fd9fdc31
commit 342a529c58
1 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@@ -9,7 +9,7 @@ pip install pykmip
```
#### Setup the PyKMIP.conf file
A sample file is inlcuded [here](pykmip/client.conf.sample) and sould be used a base. Please copy the file and change the variables, the cert paths will need to absolute.
A sample file is inlcuded [here](pykmip/client.conf.sample) and sould be used a base. Please copy the file (removing the .sample) and change the variables, the cert paths will need to absolute.
```ini
[client]
host=127.0.0.1
@@ -26,9 +26,9 @@ suppress_ragged_eofs=True
#### Encrypt your secrets
* Encrypt your root password for Freenas
* Encrypt the passphrase for your pool
* Encrypt remain pool passphrases as needed
* Encrypt your remaining pool passphrases as needed
Run the following command to encrypt your secrets, it will ask for you passphrase/password that you want to encrypt and to confirm it before outputting the encrypted passphrase. Take the encrypted secret and create a new section in the config ini file for the pool; your encrtyped root password goes into the DEFAULT section. The section name will be the pool name and the only key in that section is the encrypted_key which will be this value.
Run the following command to encrypt your secrets, it will ask for your pool passphrase/password that you want to encrypt and to confirm it before outputting the encrypted passphrase. Take the encrypted secret and create a new section in the config ini file for the pool; your encrypted root password goes into the DEFAULT section. The section name will be the pool name and the only key in that section is the encrypted_key which will be this value.
```shell
python truenas-kmip-unlock.py --encrypt
```
@@ -40,8 +40,7 @@ python /root/truenas-kmip-unlocker/truenas-kmip-unlock.py
```
#### Debugging
Nothing is logged to a file for this. Everything is outputted to the console. If the debugging level is set to **DEBUG**, all passphrases will be outputted in plain text. This is to ensure the decryption is working correctly.
To enabled debug mode, change the line below to **DEBUG** instead of INFO
Nothing is logged to a file for this. Everything is output to the console. To enabled debug mode, pass the **[-v|--verbose]** argument when running the command. If the verbose argument is passed in, all passphrases will be outputted in plain text to the console. This is to ensure the decryption is working correctly.
```python
logger = utils.build_console_logger(logging.INFO)
python /root/truenas-kmip-unlocker/truenas-kmip-unlock.py --verbose
```