minkms identity

Generate or re-compute an identity.

Omit all arguments to generate and print a new private key and corresponding identity. You can use these identities to generate new API keys for connecting to the Key Manager server.

The following settings determine which remote Key Manager server the command runs against in order of priority:

  1. The MINIO_KMS_SERVER environment variable.
  2. The default value of https://localhost:7373.

SYNTAX

minkms identity          \
  [--json]               \
  [HSM-KEY | KEY | FILE]

minkms identity          \
  [--json]               \
  [--key FILE]           \
  [--cert FILE]          \
  [KEY]

minkms identity          \
  [--json]               \
  [--config FILE]

PARAMETERS

HSM-KEY | KEY | FILE

Optional

The HSM key, private key, or file to use for identity generation.

If specifying an HSM-KEY, the command outputs a private key and identity.

If specifying a private KEY or path to an X.509 certificate file, the command computes and returns an identity.

If specifying a path to an X.509 private key FILE, the commands computes and returns the private key as an API key.

--key

Optional

When computing a new identity, specify this option and a corresponding path to output a generated X.509 private key. Requires the --key parameter.

--cert

Optional

When computing a new identity, specify this option and a corresponding path to output a generated X.509 certificate. Requires the --key parameter.

--config

Optional

Generate private keys and identities using the HSMs in the config file.

--json

Optional

Print output in JSON format.

All Rights Reserved 2024-Present, MinIO, Inc.