kes key dek
Generate a new data encryption key (DEK) from a secret key on the KES server.
The output of the command includes both a plaintext key and a ciphertext representation. The output resembles the following:
plaintext: kk/+NxO1LHb9ilbai7B9qo60649zNPmSVuJ2akEJFQ4= ciphertext: lbFBRVMyNTYtR0NNX1NIQTI1NtkgMTRlYjE3YWVjMTBjZDMxYTZiYzAwNmJhODFkNjM1ODnEEKOclQFBMYNZ3dVJPCrldAHEDLkZD9YgLpFW77+8b8Qw7Tn/6tFhyYUoFzS4+jYv8ty/Y5bqKzU6lPUEq/O8xEnYs92wEyvdSfTpTDEH8a8Q
To encrypt or decrypt the keys, use
kes key encrypt or
kes key decrypt.
key key dek <name> \ [<context>] \ [--enclave, -e <name>] \ [--insecure, -k]
The short identifier for the key to use for the data encryption key.
The context value to scope the request for a data encryption key.
You create contexts in the
kubeconfig file of a Kubernetes deployment to define a set of cluster, namespace, and user configuration to use.
The short name of the KES enclave to output information about.
Directs the command to skip x.509 certificate validation during the TLS handshake with the KES server. This allows connections to KES servers using untrusted certificates (i.e. self-signed or issued by an unknown Certificate Authority).
MinIO strongly recommends against using this option in production environments.
kes key dek my-key