openstack/deb-barbican
Code Issues Proposed changes
c7441f030a
deb-barbican/install-guide/source/verify.rst
Fernando Diaz 20ffc77b60 Add Barbican Verification to Install Guide 
Adds the verification of operation for the Barbican Key Manager
Service to the install-guide.

Change-Id: Ie4723acdee590fc61a52a352ac57a50cf71534ce
2016-08-28 06:23:30 +00:00

3.7 KiB
Raw Blame History

Verify operation

Verify operation of the Key Manager (barbican) service.

Note

Perform these commands on the controller node.

  1. Source the admin credentials to be able to perform Barbican API calls:

    $ . admin-openrc

  2. Use the OpenStack CLI to store a secret:

    $ openstack secret store --name mysecret --payload j4=]d21
+---------------+-----------------------------------------------------------------------+
| Field         | Value                                                                 |
+---------------+-----------------------------------------------------------------------+
| Secret href   | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa |
| Name          | mysecret                                                              |
| Created       | None                                                                  |
| Status        | None                                                                  |
| Content types | None                                                                  |
| Algorithm     | aes                                                                   |
| Bit length    | 256                                                                   |
| Secret type   | opaque                                                                |
| Mode          | cbc                                                                   |
| Expiration    | None                                                                  |
+---------------+-----------------------------------------------------------------------+

  3. Confirm that the secret was stored by retrieving it:

    $ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa
+---------------+-----------------------------------------------------------------------+
| Field         | Value                                                                 |
+---------------+-----------------------------------------------------------------------+
| Secret href   | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa |
| Name          | mysecret                                                              |
| Created       | 2016-08-16 16:04:10+00:00                                             |
| Status        | ACTIVE                                                                |
| Content types | {u'default': u'application/octet-stream'}                             |
| Algorithm     | aes                                                                   |
| Bit length    | 256                                                                   |
| Secret type   | opaque                                                                |
| Mode          | cbc                                                                   |
| Expiration    | None                                                                  |
+---------------+-----------------------------------------------------------------------+

    Note

    Some items are populated after the secret has been created and will only display when retrieving it.

  4. Confirm that the secret payload was stored by retrieving it:

    $ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa --payload
+---------+---------+
| Field   | Value   |
+---------+---------+
| Payload | j4=]d21 |
+---------+---------+