kes key create

Overview

Add a new cryptographic key and store it in the configured Key Management System. KES never returns the generated secret to clients.

Syntax

kes key create                  \
        <name>                  \
        [--enclave, -e <name>]  \
        [--insecure, -k]

Parameters

name

Required

The short identifier for the key to use for the data encryption key.

You may add multiple names to a single command to generate multiple keys.

--enclave, -e

Optional

The short name of the KES enclave to output information about.

--insecure, -k

Optional

Directs the command to skip x.509 certificate validation during the TLS handshake with the KES server. This allows connections to KES servers using untrusted certificates (i.e. self-signed or issued by an unknown Certificate Authority).

MinIO strongly recommends against using this option in production environments.

Examples

kes key create my-key
kes key create my-key1 my-key2