PKI Password Vault

From Dogtag

Overview

This is a mockup of what the CLI for a password vault in Dogtag (not IPA) may look like. There is no plan to implement this yet.

Initialization

A random salt is required to generate a vault key from the vault password. The salt can be generated with a separate initialization step, or during the first add operation.

Initialization may be done with a specific command:

$ pki <auth params> vault-init

Or it can use the "change password" command:

$ pki <auth params> vault-password
Password:
Verify password:
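
The salt handling described above, sketched as an added example (not Dogtag code): the salt is created either by an explicit init step or lazily on the first key derivation, and the vault key is derived from the password and that stored salt. The class name, PBKDF2-HMAC-SHA256, the iteration count and the salt and key lengths are all assumptions; the mockup does not specify a KDF.

```python
import hashlib
import os

SALT_LEN = 16         # assumption: 128-bit random salt
ITERATIONS = 600_000  # assumption: PBKDF2 work factor
KEY_LEN = 32          # assumption: 256-bit vault key


class VaultKeyState:
    """Hypothetical per-user vault state. Only the salt is stored, never the key."""

    def __init__(self):
        self.salt = None  # unset until vault-init or the first add

    def init(self):
        """Explicit initialization step: generate the salt exactly once."""
        if self.salt is not None:
            # Regenerating the salt would change the derived key and
            # orphan every secret archived under the old one.
            raise RuntimeError("vault already initialized")
        self.salt = os.urandom(SALT_LEN)

    def derive_key(self, password: str) -> bytes:
        """Derive the vault key; initializes the salt on first use."""
        if self.salt is None:
            self.init()
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), self.salt, ITERATIONS, KEY_LEN
        )


if __name__ == "__main__":
    # Constructed sample input: the password is a placeholder.
    vault = VaultKeyState()
    key = vault.derive_key("password")         # first add: salt created here
    same = vault.derive_key("password")        # same salt, same key
    other = VaultKeyState().derive_key("password")  # new salt, new key
    print("salt:", vault.salt.hex())
    print("stable across calls:", key == same)
    print("differs across vaults:", key != other)
```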

Change Password

$ pki <auth params> vault-password
Old password:
New password:
Verify password:

List

$ pki <auth params> vault-find
---------------
2 entries found
---------------
  Secret ID: secret1

  Secret ID: secret2
----------------------------
Number of entries returned 2
----------------------------

Archival

$ pki <auth params> vault-add secret3 --vault-password password --data mysecret
----------------------
Added secret "secret3"
----------------------
  Secret ID: secret3

Retrieval

$ pki <auth params> vault-show secret3 --vault-password password
mysecret

Removal

$ pki <auth params> vault-del secret3
------------------------
Deleted secret "secret3"
------------------------
