Merge "Adding commands to get and set encryption configs"

This commit is contained in:
Zuul 2020-09-16 22:47:59 +00:00 committed by Gerrit Code Review
commit d87eea6544
22 changed files with 731 additions and 32 deletions

View File

@ -40,6 +40,9 @@ func NewConfigCommand(cfgFactory config.Factory) *cobra.Command {
configRootCmd.AddCommand(NewGetManifestCommand(cfgFactory))
configRootCmd.AddCommand(NewSetManifestCommand(cfgFactory))
configRootCmd.AddCommand(NewGetEncryptionConfigCommand(cfgFactory))
configRootCmd.AddCommand(NewSetEncryptionConfigCommand(cfgFactory))
// Init will have different factory
configRootCmd.AddCommand(NewInitCommand())
return configRootCmd

View File

@ -0,0 +1,76 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package config
import (
"fmt"
"github.com/spf13/cobra"
"opendev.org/airship/airshipctl/pkg/config"
)
const (
getEncryptionConfigsLong = `
Display a specific encryption config information, or all defined encryption configs if no name is provided.
`
getEncryptionConfigsExample = `
# List all the encryption configs airshipctl knows about
airshipctl config get-encryption-configs
# Display a specific encryption config
airshipctl config get-encryption-config exampleConfig
`
)
// NewGetEncryptionConfigCommand creates a command that enables printing an encryption configuration to stdout.
func NewGetEncryptionConfigCommand(cfgFactory config.Factory) *cobra.Command {
cmd := &cobra.Command{
Use: "get-encryption-config NAME",
Short: "Get an encryption config information from the airshipctl config",
Long: getEncryptionConfigsLong[1:],
Example: getEncryptionConfigsExample,
Args: cobra.MaximumNArgs(1),
Aliases: []string{"get-encryption-configs"},
RunE: func(cmd *cobra.Command, args []string) error {
airconfig, err := cfgFactory()
if err != nil {
return err
}
if len(args) == 1 {
name := args[0]
encryptionConfig, exists := airconfig.EncryptionConfigs[name]
if !exists {
return config.ErrEncryptionConfigurationNotFound{
Name: fmt.Sprintf("Encryption Config with name '%s'", name),
}
}
fmt.Fprintln(cmd.OutOrStdout(), encryptionConfig)
} else {
encryptionConfigs := airconfig.GetEncryptionConfigs()
if len(encryptionConfigs) == 0 {
fmt.Fprintln(cmd.OutOrStdout(), "No Encryption Config found in the configuration.")
}
for _, encryptionConfig := range encryptionConfigs {
fmt.Fprintln(cmd.OutOrStdout(), encryptionConfig)
}
}
return nil
},
}
return cmd
}

View File

@ -0,0 +1,67 @@
/*
Copyright 2014 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package config_test
import (
"testing"
cmd "opendev.org/airship/airshipctl/cmd/config"
"opendev.org/airship/airshipctl/pkg/config"
"opendev.org/airship/airshipctl/testutil"
)
func TestGetEncryptionConfigCmd(t *testing.T) {
settings := func() (*config.Config, error) {
return &config.Config{
EncryptionConfigs: map[string]*config.EncryptionConfig{
config.AirshipDefaultContext: testutil.DummyEncryptionConfig(),
},
}, nil
}
emptySettings := func() (*config.Config, error) {
return &config.Config{}, nil
}
cmdTests := []*testutil.CmdTest{
{
Name: "get-encryption-config-with-help",
CmdLine: "--help",
Cmd: cmd.NewGetEncryptionConfigCommand(nil),
},
{
Name: "get-encryption-config-not-found",
CmdLine: "foo",
Cmd: cmd.NewGetEncryptionConfigCommand(emptySettings),
Error: config.ErrEncryptionConfigurationNotFound{Name: "foo"},
},
{
Name: "get-encryption-config-all",
CmdLine: "",
Cmd: cmd.NewGetEncryptionConfigCommand(settings),
},
{
Name: "get-empty-encryption-config",
CmdLine: config.AirshipDefaultContext,
Cmd: cmd.NewGetEncryptionConfigCommand(settings),
},
}
for _, tt := range cmdTests {
testutil.RunTest(t, tt)
}
}

View File

@ -36,6 +36,7 @@ airshipctl config set-context exampleContext \
--manifest=exampleManifest \
--user=exampleUser
--cluster-type=target
--encryption-config=exampleEncryptionConfig
# Update the manifest of the current-context
airshipctl config set-context \
@ -108,6 +109,12 @@ func addSetContextFlags(o *config.ContextOptions, cmd *cobra.Command) {
"",
"set the manifest for the specified context")
flags.StringVar(
&o.EncryptionConfig,
"encryption-config",
"",
"set the encryption config for the specified context")
flags.StringVar(
&o.Namespace,
"namespace",

View File

@ -30,10 +30,11 @@ import (
)
const (
testUser = "admin@kubernetes"
defaultManifest = "edge_cloud"
defaultNamespace = "kube-system"
testManifest = "test_manifest"
testUser = "admin@kubernetes"
defaultManifest = "edge_cloud"
defaultNamespace = "kube-system"
testManifest = "test_manifest"
testEncryptionConfig = "test_encryption_config"
)
type setContextTest struct {
@ -73,11 +74,12 @@ func TestSetContext(t *testing.T) {
defer cleanupGiven(t)
tests := []struct {
testName string
contextName string
flags []string
givenConfig *config.Config
manifest string
testName string
contextName string
flags []string
givenConfig *config.Config
manifest string
encryptionConfig string
}{
{
testName: "set-context",
@ -87,9 +89,11 @@ func TestSetContext(t *testing.T) {
"--user=" + testUser,
"--manifest=" + defaultManifest,
"--namespace=" + defaultNamespace,
"--encryption-config=" + testEncryptionConfig,
},
givenConfig: given,
manifest: defaultManifest,
givenConfig: given,
manifest: defaultManifest,
encryptionConfig: testEncryptionConfig,
},
{
testName: "set-current-context",
@ -106,6 +110,15 @@ func TestSetContext(t *testing.T) {
givenConfig: given,
manifest: testManifest,
},
{
testName: "modify-context",
contextName: "def_target",
flags: []string{
"--encryption-config=" + testEncryptionConfig,
},
givenConfig: given,
encryptionConfig: testEncryptionConfig,
},
}
for _, tt := range tests {

View File

@ -0,0 +1,106 @@
/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package config
import (
"fmt"
"github.com/spf13/cobra"
"opendev.org/airship/airshipctl/pkg/config"
)
const (
setEncryptionConfigLong = `
Create or modify an encryption config in the airshipctl config file.
Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects
`
setEncryptionConfigExample = `
# Create an encryption config with local gpg key source
airshipctl config set-encryption-config exampleConfig \
--encryption-key path-to-encryption-key \
--decryption-key path-to-encryption-key
# Create an encryption config with kube api server secret as the store to store encryption keys
airshipctl config set-encryption-config exampleConfig \
--secret-name secretName \
--secret-namespace secretNamespace
`
)
// NewSetEncryptionConfigCommand creates a command for creating and modifying encryption
// configs in the airshipctl config file.
func NewSetEncryptionConfigCommand(cfgFactory config.Factory) *cobra.Command {
o := &config.EncryptionConfigOptions{}
cmd := &cobra.Command{
Use: "set-encryption-config NAME",
Short: "Manage encryption configs in airship config",
Long: setEncryptionConfigLong[1:],
Example: setEncryptionConfigExample,
Args: cobra.ExactArgs(1),
RunE: func(cmd *cobra.Command, args []string) error {
cfg, err := cfgFactory()
if err != nil {
return err
}
o.Name = args[0]
modified, err := config.RunSetEncryptionConfig(o, cfg, true)
if err != nil {
return err
}
if modified {
fmt.Fprintf(cmd.OutOrStdout(), "Encryption Config %q modified.\n", o.Name)
} else {
fmt.Fprintf(cmd.OutOrStdout(), "Encryption Config %q created.\n", o.Name)
}
return nil
},
}
addSetEncryptionConfigFlags(o, cmd)
return cmd
}
func addSetEncryptionConfigFlags(o *config.EncryptionConfigOptions, cmd *cobra.Command) {
flags := cmd.Flags()
flags.StringVar(
&o.EncryptionKeyPath,
"encryption-key-path",
"",
"the path to the encryption key file")
flags.StringVar(
&o.DecryptionKeyPath,
"decryption-key-path",
"",
"the path to the decryption key file")
flags.StringVar(
&o.KeySecretName,
"secret-name",
"",
"name of the secret consisting of the encryption and decryption keys")
flags.StringVar(
&o.KeySecretNamespace,
"secret-namespace",
"",
"namespace of the secret consisting of the encryption and decryption keys")
}

View File

@ -0,0 +1,179 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package config
import (
"fmt"
"strings"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"opendev.org/airship/airshipctl/pkg/config"
"opendev.org/airship/airshipctl/testutil"
)
const (
encryptionConfigName = "encryptionConfig"
secretName = "secretName"
secretNamespace = "secretNamespace"
encryptionKeyFilePath = "/tmp/encryption.key"
decryptionKeyFilePath = "/tmp/decryption.pub"
)
func TestConfigSetEncryptionConfigurationCmd(t *testing.T) {
cmdTests := []*testutil.CmdTest{
{
Name: "config-cmd-set-encryption-config-with-help",
CmdLine: "--help",
Cmd: NewSetEncryptionConfigCommand(nil),
},
{
Name: "config-cmd-set-encryption-config-no-args",
CmdLine: "",
Cmd: NewSetEncryptionConfigCommand(nil),
Error: fmt.Errorf("accepts %d arg(s), received %d", 1, 0),
},
{
Name: "config-cmd-set-encryption-config-excess-args",
CmdLine: "arg1 arg2",
Cmd: NewSetEncryptionConfigCommand(nil),
Error: fmt.Errorf("accepts %d arg(s), received %d", 1, 2),
},
}
for _, tt := range cmdTests {
testutil.RunTest(t, tt)
}
}
func TestSetEncryptionConfig(t *testing.T) {
given, cleanupGiven := testutil.InitConfig(t)
defer cleanupGiven(t)
tests := []struct {
testName string
encryptionConfigName string
flags []string
inputConfig *config.Config
secretName string
secretNamespace string
encryptionKeyFilePath string
decryptionKeyFilePath string
error error
}{
{
testName: "set-encryption-config-error-no-encryption",
encryptionKeyFilePath: encryptionKeyFilePath,
decryptionKeyFilePath: decryptionKeyFilePath,
encryptionConfigName: encryptionConfigName,
flags: []string{
"--decryption-key-path " + decryptionKeyFilePath,
},
error: fmt.Errorf("you must specify both encryption " +
"and decryption keys when setting encryption config"),
inputConfig: given,
},
{
testName: "set-encryption-config-error-no-decryption",
flags: []string{
"--encryption-key-path " + encryptionKeyFilePath,
},
error: fmt.Errorf("you must specify both encryption " +
"and decryption keys when setting encryption config"),
encryptionConfigName: encryptionConfigName,
encryptionKeyFilePath: encryptionKeyFilePath,
decryptionKeyFilePath: decryptionKeyFilePath,
},
{
testName: "set-encryption-config-error-no-options",
encryptionConfigName: encryptionConfigName,
error: fmt.Errorf("you must specify both encryption " +
"and decryption keys when setting encryption config"),
inputConfig: given,
},
{
testName: "set-encryption-config",
encryptionConfigName: encryptionConfigName,
encryptionKeyFilePath: encryptionKeyFilePath,
decryptionKeyFilePath: decryptionKeyFilePath,
flags: []string{
"--decryption-key-path " + decryptionKeyFilePath,
"--encryption-key-path " + encryptionKeyFilePath,
},
inputConfig: given,
},
{
testName: "set-encryption-config-error-no-namespace",
encryptionConfigName: encryptionConfigName,
flags: []string{
"--secret-name " + secretName,
},
error: fmt.Errorf("you must specify both secret name and namespace" +
" when setting encryption config"),
},
{
testName: "set-encryption-config-error-no-secret-name",
encryptionConfigName: encryptionConfigName,
flags: []string{
"--secret-namespace " + secretNamespace,
},
error: fmt.Errorf("you must specify both secret name and namespace" +
" when setting encryption config"),
},
{
testName: "set-encryption-config",
encryptionConfigName: encryptionConfigName,
secretName: secretName,
secretNamespace: secretNamespace,
encryptionKeyFilePath: encryptionKeyFilePath,
decryptionKeyFilePath: decryptionKeyFilePath,
flags: []string{
"--secret-name " + secretName,
"--secret-namespace " + secretNamespace,
},
inputConfig: given,
},
}
for _, tt := range tests {
settings := func() (*config.Config, error) {
return tt.inputConfig, nil
}
cmd := &testutil.CmdTest{
Name: tt.testName,
CmdLine: fmt.Sprintf("%s %s", tt.encryptionConfigName, strings.Join(tt.flags, " ")),
Error: tt.error,
Cmd: NewSetEncryptionConfigCommand(settings),
}
testutil.RunTest(t, cmd)
if cmd.Error != nil {
return
}
afterRunConf := tt.inputConfig
// Find the Encryption Config Created or Modified
afterRunEncryptionConfig, _ := afterRunConf.EncryptionConfigs[tt.encryptionConfigName]
require.NotNil(t, afterRunEncryptionConfig)
assert.EqualValues(t, afterRunEncryptionConfig.KeySecretName, tt.secretName)
assert.EqualValues(t, afterRunEncryptionConfig.KeySecretNamespace, tt.secretNamespace)
assert.EqualValues(t, afterRunEncryptionConfig.EncryptionKeyPath, tt.encryptionKeyFilePath)
assert.EqualValues(t, afterRunEncryptionConfig.DecryptionKeyPath, tt.decryptionKeyFilePath)
}
}

View File

@ -5,12 +5,14 @@ Usage:
Available Commands:
get-context Get context information from the airshipctl config
get-encryption-config Get an encryption config information from the airshipctl config
get-management-config View a management config or all management configs defined in the airshipctl config
get-manifest Get a manifest information from the airshipctl config
help Help about any command
import Merge information from a kubernetes config file
init Generate initial configuration files for airshipctl
set-context Manage contexts
set-encryption-config Manage encryption configs in airship config
set-management-config Modify an out-of-band management configuration
set-manifest Manage manifests in airship config
use-context Switch to a different context

View File

@ -10,6 +10,7 @@ airshipctl config set-context exampleContext \
--manifest=exampleManifest \
--user=exampleUser
--cluster-type=target
--encryption-config=exampleEncryptionConfig
# Update the manifest of the current-context
airshipctl config set-context \
@ -18,11 +19,12 @@ airshipctl config set-context \
Flags:
--cluster string set the cluster for the specified context
--cluster-type string set the cluster-type for the specified context
--current update the current context
-h, --help help for set-context
--manifest string set the manifest for the specified context
--namespace string set the namespace for the specified context
--user string set the user for the specified context
--cluster string set the cluster for the specified context
--cluster-type string set the cluster-type for the specified context
--current update the current context
--encryption-config string set the encryption config for the specified context
-h, --help help for set-context
--manifest string set the manifest for the specified context
--namespace string set the namespace for the specified context
--user string set the user for the specified context

View File

@ -11,6 +11,7 @@ airshipctl config set-context exampleContext \
--manifest=exampleManifest \
--user=exampleUser
--cluster-type=target
--encryption-config=exampleEncryptionConfig
# Update the manifest of the current-context
airshipctl config set-context \
@ -19,10 +20,11 @@ airshipctl config set-context \
Flags:
--cluster string set the cluster for the specified context
--cluster-type string set the cluster-type for the specified context
--current update the current context
-h, --help help for set-context
--manifest string set the manifest for the specified context
--namespace string set the namespace for the specified context
--user string set the user for the specified context
--cluster string set the cluster for the specified context
--cluster-type string set the cluster-type for the specified context
--current update the current context
--encryption-config string set the encryption config for the specified context
-h, --help help for set-context
--manifest string set the manifest for the specified context
--namespace string set the namespace for the specified context
--user string set the user for the specified context

View File

@ -0,0 +1,24 @@
Error: accepts 1 arg(s), received 2
Usage:
set-encryption-config NAME [flags]
Examples:
# Create an encryption config with local gpg key source
airshipctl config set-encryption-config exampleConfig \
--encryption-key path-to-encryption-key \
--decryption-key path-to-encryption-key
# Create an encryption config with kube api server secret as the store to store encryption keys
airshipctl config set-encryption-config exampleConfig \
--secret-name secretName \
--secret-namespace secretNamespace
Flags:
--decryption-key-path string the path to the decryption key file
--encryption-key-path string the path to the encryption key file
-h, --help help for set-encryption-config
--secret-name string name of the secret consisting of the encryption and decryption keys
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys

View File

@ -0,0 +1,24 @@
Error: accepts 1 arg(s), received 0
Usage:
set-encryption-config NAME [flags]
Examples:
# Create an encryption config with local gpg key source
airshipctl config set-encryption-config exampleConfig \
--encryption-key path-to-encryption-key \
--decryption-key path-to-encryption-key
# Create an encryption config with kube api server secret as the store to store encryption keys
airshipctl config set-encryption-config exampleConfig \
--secret-name secretName \
--secret-namespace secretNamespace
Flags:
--decryption-key-path string the path to the decryption key file
--encryption-key-path string the path to the encryption key file
-h, --help help for set-encryption-config
--secret-name string name of the secret consisting of the encryption and decryption keys
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys

View File

@ -0,0 +1,26 @@
Create or modify an encryption config in the airshipctl config file.
Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects
Usage:
set-encryption-config NAME [flags]
Examples:
# Create an encryption config with local gpg key source
airshipctl config set-encryption-config exampleConfig \
--encryption-key path-to-encryption-key \
--decryption-key path-to-encryption-key
# Create an encryption config with kube api server secret as the store to store encryption keys
airshipctl config set-encryption-config exampleConfig \
--secret-name secretName \
--secret-namespace secretNamespace
Flags:
--decryption-key-path string the path to the decryption key file
--encryption-key-path string the path to the encryption key file
-h, --help help for set-encryption-config
--secret-name string name of the secret consisting of the encryption and decryption keys
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys

View File

@ -0,0 +1,3 @@
decryptionKeyPath: /tmp/decryption.pub
encryptionKeyPath: /tmp/encryption.key

View File

@ -0,0 +1,3 @@
decryptionKeyPath: /tmp/decryption.pub
encryptionKeyPath: /tmp/encryption.key

View File

@ -0,0 +1,19 @@
Error: Unknown encryption configuration 'Encryption Config with name 'foo''.
Usage:
get-encryption-config NAME [flags]
Aliases:
get-encryption-config, get-encryption-configs
Examples:
# List all the encryption configs airshipctl knows about
airshipctl config get-encryption-configs
# Display a specific encryption config
airshipctl config get-encryption-config exampleConfig
Flags:
-h, --help help for get-encryption-config

View File

@ -0,0 +1,19 @@
Display a specific encryption config information, or all defined encryption configs if no name is provided.
Usage:
get-encryption-config NAME [flags]
Aliases:
get-encryption-config, get-encryption-configs
Examples:
# List all the encryption configs airshipctl knows about
airshipctl config get-encryption-configs
# Display a specific encryption config
airshipctl config get-encryption-config exampleConfig
Flags:
-h, --help help for get-encryption-config

View File

@ -0,0 +1,24 @@
Error: Specify both encryption and decryption keys when setting encryption config
Usage:
set-encryption-config NAME [flags]
Examples:
# Create an encryption config with local gpg key source
airshipctl config set-encryption-config exampleConfig \
--encryption-key path-to-encryption-key \
--decryption-key path-to-encryption-key
# Create an encryption config with kube api server secret as the store to store encryption keys
airshipctl config set-encryption-config exampleConfig \
--secret-name secretName \
--secret-namespace secretNamespace
Flags:
--decryption-key-path string the path to the decryption key file
--encryption-key-path string the path to the encryption key file
-h, --help help for set-encryption-config
--secret-name string name of the secret consisting of the encryption and decryption keys
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys

View File

@ -24,11 +24,13 @@ Manage the airshipctl config file
* [airshipctl](airshipctl.md) - A unified entrypoint to various airship components
* [airshipctl config get-context](airshipctl_config_get-context.md) - Get context information from the airshipctl config
* [airshipctl config get-encryption-config](airshipctl_config_get-encryption-config.md) - Get an encryption config information from the airshipctl config
* [airshipctl config get-management-config](airshipctl_config_get-management-config.md) - View a management config or all management configs defined in the airshipctl config
* [airshipctl config get-manifest](airshipctl_config_get-manifest.md) - Get a manifest information from the airshipctl config
* [airshipctl config import](airshipctl_config_import.md) - Merge information from a kubernetes config file
* [airshipctl config init](airshipctl_config_init.md) - Generate initial configuration files for airshipctl
* [airshipctl config set-context](airshipctl_config_set-context.md) - Manage contexts
* [airshipctl config set-encryption-config](airshipctl_config_set-encryption-config.md) - Manage encryption configs in airship config
* [airshipctl config set-management-config](airshipctl_config_set-management-config.md) - Modify an out-of-band management configuration
* [airshipctl config set-manifest](airshipctl_config_set-manifest.md) - Manage manifests in airship config
* [airshipctl config use-context](airshipctl_config_use-context.md) - Switch to a different context

View File

@ -0,0 +1,43 @@
## airshipctl config get-encryption-config
Get an encryption config information from the airshipctl config
### Synopsis
Display a specific encryption config information, or all defined encryption configs if no name is provided.
```
airshipctl config get-encryption-config NAME [flags]
```
### Examples
```
# List all the encryption configs airshipctl knows about
airshipctl config get-encryption-configs
# Display a specific encryption config
airshipctl config get-encryption-config exampleConfig
```
### Options
```
-h, --help help for get-encryption-config
```
### Options inherited from parent commands
```
--airshipconf string Path to file for airshipctl configuration. (default "$HOME/.airship/config")
--debug enable verbose output
--kubeconfig string Path to kubeconfig associated with airshipctl configuration. (default "$HOME/.airship/kubeconfig")
```
### SEE ALSO
* [airshipctl config](airshipctl_config.md) - Manage the airshipctl config file

View File

@ -21,6 +21,7 @@ airshipctl config set-context exampleContext \
--manifest=exampleManifest \
--user=exampleUser
--cluster-type=target
--encryption-config=exampleEncryptionConfig
# Update the manifest of the current-context
airshipctl config set-context \
@ -32,13 +33,14 @@ airshipctl config set-context \
### Options
```
--cluster string set the cluster for the specified context
--cluster-type string set the cluster-type for the specified context
--current update the current context
-h, --help help for set-context
--manifest string set the manifest for the specified context
--namespace string set the namespace for the specified context
--user string set the user for the specified context
--cluster string set the cluster for the specified context
--cluster-type string set the cluster-type for the specified context
--current update the current context
--encryption-config string set the encryption config for the specified context
-h, --help help for set-context
--manifest string set the manifest for the specified context
--namespace string set the namespace for the specified context
--user string set the user for the specified context
```
### Options inherited from parent commands

View File

@ -0,0 +1,53 @@
## airshipctl config set-encryption-config
Manage encryption configs in airship config
### Synopsis
Create or modify an encryption config in the airshipctl config file.
Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects
```
airshipctl config set-encryption-config NAME [flags]
```
### Examples
```
# Create an encryption config with local gpg key source
airshipctl config set-encryption-config exampleConfig \
--encryption-key path-to-encryption-key \
--decryption-key path-to-encryption-key
# Create an encryption config with kube api server secret as the store to store encryption keys
airshipctl config set-encryption-config exampleConfig \
--secret-name secretName \
--secret-namespace secretNamespace
```
### Options
```
--decryption-key-path string the path to the decryption key file
--encryption-key-path string the path to the encryption key file
-h, --help help for set-encryption-config
--secret-name string name of the secret consisting of the encryption and decryption keys
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys
```
### Options inherited from parent commands
```
--airshipconf string Path to file for airshipctl configuration. (default "$HOME/.airship/config")
--debug enable verbose output
--kubeconfig string Path to kubeconfig associated with airshipctl configuration. (default "$HOME/.airship/kubeconfig")
```
### SEE ALSO
* [airshipctl config](airshipctl_config.md) - Manage the airshipctl config file