Verify operation

Verify operation of the Key Manager (barbican) service.

Note

Perform these commands on the controller node.

  1. Install python-barbicanclient package:

    • For openSUSE and SUSE Linux Enterprise:

      $ zypper install python-barbicanclient
      
    • For Red Hat Enterprise Linux and CentOS:

      $ yum install python-barbicanclient
      
    • For Ubuntu:

      $ apt-get install python-barbicanclient
      
  2. Source the admin credentials to be able to perform Barbican API calls:

    $ . admin-openrc
    
  3. Use the OpenStack CLI to store a secret:

    $ openstack secret store --name mysecret --payload j4=]d21
    +---------------+-----------------------------------------------------------------------+
    | Field         | Value                                                                 |
    +---------------+-----------------------------------------------------------------------+
    | Secret href   | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa |
    | Name          | mysecret                                                              |
    | Created       | None                                                                  |
    | Status        | None                                                                  |
    | Content types | None                                                                  |
    | Algorithm     | aes                                                                   |
    | Bit length    | 256                                                                   |
    | Secret type   | opaque                                                                |
    | Mode          | cbc                                                                   |
    | Expiration    | None                                                                  |
    +---------------+-----------------------------------------------------------------------+
    
  4. Confirm that the secret was stored by retrieving it:

    $ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa
    +---------------+-----------------------------------------------------------------------+
    | Field         | Value                                                                 |
    +---------------+-----------------------------------------------------------------------+
    | Secret href   | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa |
    | Name          | mysecret                                                              |
    | Created       | 2016-08-16 16:04:10+00:00                                             |
    | Status        | ACTIVE                                                                |
    | Content types | {'default': 'application/octet-stream'}                               |
    | Algorithm     | aes                                                                   |
    | Bit length    | 256                                                                   |
    | Secret type   | opaque                                                                |
    | Mode          | cbc                                                                   |
    | Expiration    | None                                                                  |
    +---------------+-----------------------------------------------------------------------+
    

    Note

    Some items are populated after the secret has been created and will only display when retrieving it.

  5. Confirm that the secret payload was stored by retrieving it:

    $ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa --payload
    +---------+---------+
    | Field   | Value   |
    +---------+---------+
    | Payload | j4=]d21 |
    +---------+---------+