Downloading and reading of the volume encryption key (CLI)

It is possible to obtain the key and convert it to a password (passphrase), which is used by LUKS to encrypt our volume. Storing such a password, in a secure location, is standard security procedure. It is recommended to download this key and store it in a secure, Atman Cloud-independent environment, in case of so-called Disaster Recovery. Disaster Recovery. The following procedure is only possible using CLI and requires having an openstack/barbican CLI written using python version three (this is the version corresponding to OpenStack version Ussuri)

1. Reading the secret href of interest

barbican secret list

or

openstack secret list

2. Saving the key to a file

barbican secret get --payload_content_type application/octet-stream <secret_href_z_poprzedniej_sekcji> --file my_secret_key.key

or

openstack secret get --payload_content_type application/octet-stream http://controller.tc.eco.atman.pl:9311/v1/secrets/8aa87946-6bb0-4a71-a88f-8e1f5aeb7fc7 --file my_secret_key.key

3. Converting a key into a password (passphrase)

hexdump -e '16/1 "%02x"' my_secret_key.key