mirror of
https://github.com/coder/coder.git
synced 2025-07-09 11:45:56 +00:00
7d7c84bb4d
See also: https://github.com/coder/coder/pull/9522 - Adds commands `server dbcrypt {rotate,decrypt,delete}` to re-encrypt, decrypt, or delete encrypted data, respectively. - Plumbs through dbcrypt in enterprise/coderd (including unit tests). - Adds documentation in admin/encryption.md. This enables dbcrypt by default, but the feature is soft-enforced on supplying external token encryption keys. Without specifying any keys, encryption/decryption is a no-op.
49 lines
1.4 KiB
Markdown
Generated
49 lines
1.4 KiB
Markdown
Generated
<!-- DO NOT EDIT | GENERATED CONTENT -->
|
|
|
|
# server dbcrypt rotate
|
|
|
|
Rotate database encryption keys.
|
|
|
|
## Usage
|
|
|
|
```console
|
|
coder server dbcrypt rotate [flags]
|
|
```
|
|
|
|
## Options
|
|
|
|
### --new-key
|
|
|
|
| | |
|
|
| ----------- | ------------------------------------------------------------- |
|
|
| Type | <code>string</code> |
|
|
| Environment | <code>$CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_NEW_KEY</code> |
|
|
|
|
The new external token encryption key. Must be base64-encoded.
|
|
|
|
### --old-keys
|
|
|
|
| | |
|
|
| ----------- | -------------------------------------------------------------- |
|
|
| Type | <code>string-array</code> |
|
|
| Environment | <code>$CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_OLD_KEYS</code> |
|
|
|
|
The old external token encryption keys. Must be a comma-separated list of base64-encoded keys.
|
|
|
|
### --postgres-url
|
|
|
|
| | |
|
|
| ----------- | ------------------------------------- |
|
|
| Type | <code>string</code> |
|
|
| Environment | <code>$CODER_PG_CONNECTION_URL</code> |
|
|
|
|
The connection URL for the Postgres database.
|
|
|
|
### -y, --yes
|
|
|
|
| | |
|
|
| ---- | ----------------- |
|
|
| Type | <code>bool</code> |
|
|
|
|
Bypass prompts.
|