minkms identity
Generate or re-compute an identity.
Omit all arguments to generate and print a new private key and corresponding identity. You can use these identities to generate new API keys for connecting to the Key Manager server.
The following settings determine which remote Key Manager server the command runs against in order of priority:
- The
MINIO_KMS_SERVER
environment variable. - The default value of
https://localhost:7373
.
SYNTAX
minkms identity \
[--json] \
[HSM-KEY | KEY | FILE]
minkms identity \
[--json] \
[--key FILE] \
[--cert FILE] \
[KEY]
minkms identity \
[--json] \
[--config FILE]
PARAMETERS
HSM-KEY | KEY | FILE
Optional
The HSM key, private key, or file to use for identity generation.
If specifying an HSM-KEY
, the command outputs a private key and identity.
If specifying a private KEY
or path to an X.509 certificate file, the command computes and returns an identity.
If specifying a path to an X.509 private key FILE
, the commands computes and returns the private key as an API key.
--key
Optional
When computing a new identity, specify this option and a corresponding path to output a generated X.509 private key.
Requires the --key
parameter.
--cert
Optional
When computing a new identity, specify this option and a corresponding path to output a generated X.509 certificate.
Requires the --key
parameter.
--config
Optional
Generate private keys and identities using the HSMs in the config file.
--json
Optional
Print output in JSON format.