zato update crypto

Updates crypto material of a Zato component. All parameters are paths on the filesystem and paths to keys and certificates need to be in PEM.

All Zato secrets encrypted using the previous public key will be re-encrypted using the new one. The component will not be restarted and will not pick up the new material without a restart.

Old files will be replaced. However, they will still continue to exist in the component’s configuration repository.

Command-specific parameters

Name Description Example value
path Path to a Zato component ~/zato1/server1/
pub_key_path Path to a public key in PEM ~/crypto/zato.server1.pub.pem
priv_key_path Path to a private key in PEM ~/crypto/zato.server1.priv.pem
cert_path Path to a component’s certificate in PEM ~/crypto/zato.server1.cert.pem
ca_certs_path Path to a bundle of CA certificates in PEM ~/crypto/ca-cert.pem

Usage

$ zato update crypto [-h] [--store-log] [--verbose] [--store-config]
    path pub_key_path priv_key_path cert_path ca_certs_path
$ zato update crypto ~/zato1/server1/
    ~/crypto/zato.server1.pub.pem
    ~/crypto/zato.server1.priv.pem
    ~/crypto/zato.server1.cert.pem
    ~/crypto/ca-cert.pem
$

Changelog

Version Notes
1.0 Added initially