kfutil_stores_rot.md

kfutil stores rot

Root of trust utility

Synopsis

Root of trust allows you to manage your trusted roots using Keyfactor certificate stores. For example if you wish to add a list of "root" certs to a list of certificate stores you would simply generate and fill out the template CSV file. These template files can be generated with the following commands: kfutil stores rot generate-template --type certs kfutil stores rot generate-template --type stores Once those files are filled out you can use the following command to add the certs to the stores: kfutil stores rot audit --certs-file --stores-file Will generate a CSV report file 'rot_audit.csv' of what actions will be taken. If those actions are correct you can run the following command to actually perform the actions: kfutil stores rot reconcile --certs-file --stores-file OR if you want to use the audit report file generated you can run this command: kfutil stores rot reconcile --import-csv

Options

  -h, --help   help for rot

Options inherited from parent commands

      --api-path string                API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI")
      --auth-provider-profile string   The profile to use defined in the securely stored config. If not specified the config named 'default' will be used if it exists. (default "default")
      --auth-provider-type string      Provider type choices: (azid)
      --config string                  Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json)
      --debug                          Enable debugFlag logging.
      --domain string                  Domain to use for authenticating to Keyfactor Command.
      --exp                            Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.)
      --format text                    How to format the CLI output. Currently only text is supported. (default "text")
      --hostname string                Hostname to use for authenticating to Keyfactor Command.
      --log-insecure                   Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
      --no-prompt                      Do not prompt for any user input and assume defaults or environmental variables are set.
      --password string                Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
      --profile string                 Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
      --username string                Username to use for authenticating to Keyfactor Command.

SEE ALSO

• kfutil stores - Keyfactor certificate stores APIs and utilities.
• kfutil stores rot audit - Audit generates a CSV report of what actions will be taken based on input CSV files.
• kfutil stores rot generate-template - For generating Root Of Trust template(s)
• kfutil stores rot reconcile - Reconcile either takes in or will generate an audit report and then add/remove certs as needed.

Auto generated by spf13/cobra on 27-Feb-2024