Provided by: s390-tools_2.37.0-0ubuntu2_amd64 bug

NAME
       pvsecret-create-retrievable - Create a retrievable secret


SYNOPSIS
       pvsecret create retrievable [OPTIONS] --secret <SECRET-FILE> --type <TYPE> <NAME>
       pvsecret create retr [OPTIONS] --secret <SECRET-FILE> --type <TYPE> <NAME>


DESCRIPTION
       A retrievable secret is stored in the per-guest storage of the Ultravisor. A SE-guest can retrieve the
       secret at runtime and use it. All retrievable secrets, but the plaintext secret, are retrieved as
       wrapped/protected key objects and only usable inside the current, running SE-guest instance.


OPTIONS
       <NAME>
           String that identifies the new secret. The actual secret is set with --secret. The name is saved in
           `NAME.yaml` with white-spaces mapped to `_`.

       --stdout
           Print the hashed name to stdout. The hashed name is not written to `NAME.yaml`

       --secret <SECRET-FILE>
           Use SECRET-FILE as retrievable secret.

       --type <TYPE>
           Specify the secret type. Limitations to the input data apply depending on the secret type.

           Possible values:
               - plain: A plaintext secret. Can be any file up to 8190 bytes long.

               - aes: An AES key. Must be a plain byte file 128, 192, or 256 bit long.

               - aes-xts: An AES-XTS key. Must be a plain byte file 512, or 1024 bit long.

               - hmac-sha: A HMAC-SHA key. Must be a plain byte file 512, or 1024 bit long.

               - ec: An elliptic curve private key. Must be a PEM or DER file.

       -h, --help
           Print help (see a summary with -h).


SEE ALSO
       pvsecret(1) pvsecret-create(1)

s390-tools                                         2024-12-19                     PVSECRET-CREATE-RETRIEVABLE(1)