Verify operation

Verify operation

Verify operation of the Key Manager (barbican) service.

Note

Perform these commands on the controller node.

  1. Source the admin credentials to be able to perform Barbican API calls:

    $ . admin-openrc
    
  2. Use the OpenStack CLI to store a secret:

    $ openstack secret store --name mysecret --payload j4=]d21
    +---------------+-----------------------------------------------------------------------+
    | Field         | Value                                                                 |
    +---------------+-----------------------------------------------------------------------+
    | Secret href   | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa |
    | Name          | mysecret                                                              |
    | Created       | None                                                                  |
    | Status        | None                                                                  |
    | Content types | None                                                                  |
    | Algorithm     | aes                                                                   |
    | Bit length    | 256                                                                   |
    | Secret type   | opaque                                                                |
    | Mode          | cbc                                                                   |
    | Expiration    | None                                                                  |
    +---------------+-----------------------------------------------------------------------+
    
  3. Confirm that the secret was stored by retrieving it:

    $ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa
    +---------------+-----------------------------------------------------------------------+
    | Field         | Value                                                                 |
    +---------------+-----------------------------------------------------------------------+
    | Secret href   | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa |
    | Name          | mysecret                                                              |
    | Created       | 2016-08-16 16:04:10+00:00                                             |
    | Status        | ACTIVE                                                                |
    | Content types | {u'default': u'application/octet-stream'}                             |
    | Algorithm     | aes                                                                   |
    | Bit length    | 256                                                                   |
    | Secret type   | opaque                                                                |
    | Mode          | cbc                                                                   |
    | Expiration    | None                                                                  |
    +---------------+-----------------------------------------------------------------------+
    

    Note

    Some items are populated after the secret has been created and will only display when retrieving it.

  4. Confirm that the secret payload was stored by retrieving it:

    $ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa --payload
    +---------+---------+
    | Field   | Value   |
    +---------+---------+
    | Payload | j4=]d21 |
    +---------+---------+
    
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.