kes key encrypt

Overview

Encrypt the contents of a plaintext data encryption key with a key.

The plaintext value of a data encryption key can be used to encrypt or decrypt data.

Avoid storing the plaintext on disk, as it allows decryption of data without requiring access to the Secret key used to generate the DEK.

Syntax

kes key encrypt                \
        <name>                 \
        <message>              \
        [--insecure,-k]

Parameters

`name`

Required

The short identifier for the key to use for the data encryption key.

`message`

Required

The string to encrypt.

`--insecure, -k`

Optional

Directs the command to skip x.509 certificate validation during the TLS handshake with the KES server. This allows connections to KES servers using untrusted certificates (i.e. self-signed or issued by an unknown Certificate Authority).

MinIO strongly recommends against using this option in production environments.

Examples

kes key encrypt my-key "Hello world"