Files
coder/docs/cli/server_dbcrypt_rotate.md
Cian Johnston 7d7c84bb4d feat(coderd): connect dbcrypt package implementation (#9523)
See also: https://github.com/coder/coder/pull/9522

- Adds commands `server dbcrypt {rotate,decrypt,delete}` to re-encrypt, decrypt, or delete encrypted data, respectively.
- Plumbs through dbcrypt in enterprise/coderd (including unit tests).
- Adds documentation in admin/encryption.md.

This enables dbcrypt by default, but the feature is soft-enforced on supplying external token encryption keys. Without specifying any keys, encryption/decryption is a no-op.
2023-09-07 15:49:49 +01:00

49 lines
1.4 KiB
Markdown
Generated

<!-- DO NOT EDIT | GENERATED CONTENT -->
# server dbcrypt rotate
Rotate database encryption keys.
## Usage
```console
coder server dbcrypt rotate [flags]
```
## Options
### --new-key
| | |
| ----------- | ------------------------------------------------------------- |
| Type | <code>string</code> |
| Environment | <code>$CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_NEW_KEY</code> |
The new external token encryption key. Must be base64-encoded.
### --old-keys
| | |
| ----------- | -------------------------------------------------------------- |
| Type | <code>string-array</code> |
| Environment | <code>$CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_OLD_KEYS</code> |
The old external token encryption keys. Must be a comma-separated list of base64-encoded keys.
### --postgres-url
| | |
| ----------- | ------------------------------------- |
| Type | <code>string</code> |
| Environment | <code>$CODER_PG_CONNECTION_URL</code> |
The connection URL for the Postgres database.
### -y, --yes
| | |
| ---- | ----------------- |
| Type | <code>bool</code> |
Bypass prompts.