Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

25.4. Storing a User's Personal Secret

This section shows how a user can create one or more private vaults to securely store personal secrets. The user then retrieves the secrets when required, on any machine in the domain. For example, the user can archive a personal certificate in a vault, thus storing the certificate securely in a centralized location.
This section includes these procedures:
In the procedures:
  • user is the user who wants to create the vault
  • my_vault is the vault used to store the user's certificate
  • the vault type is standard, so that accessing the archived certificate does not require the user to provide a vault password
  • secret.txt is the file containing the certificate that the user wants to store in the vault
  • secret_exported.txt is the file to which the user exports the archived certificate

25.4.1. Archiving a User's Personal Secret
Link kopieren

Create a private user vault and store your certificate in it. The vault type is standard, which ensures you will not be required to authenticate when accessing the certificate.
  1. Log in as user: 
    $ kinit user
    Copy to Clipboard Toggle word wrap
  2. Use the ipa vault-add command to create a standard vault: 
    $ ipa vault-add my_vault --type standard
----------------------
Added vault "my_vault"
----------------------
  Vault name: my_vault
  Type: standard
  Owner users: user
  Vault user: user
    Copy to Clipboard Toggle word wrap
    Important
    Make sure the first user vault for a user is created by the same user. For example, if another user, such as admin, creates the first user vault for user1, the owner of the user's vault container will also be admin, and user1 will be unable to access the user vault or create new user vaults. See also Section B.5.1, “Users Cannot Access Their Vault Due To Insufficient 'add' Privilege”.
  3. Use the ipa vault-archive --in command to archive the secret.txt file into the vault: 
    $ ipa vault-archive my_vault --in secret.txt
-----------------------------------
Archived data into vault "my_vault"
-----------------------------------
    Copy to Clipboard Toggle word wrap
    Note
    One vault can only store one secret.

25.4.2. Retrieving a User's Personal Secret
Link kopieren

Export the certificate from your private standard vault.
  1. Log in as user: 
    $ kinit user
    Copy to Clipboard Toggle word wrap
  2. Use the ipa vault-retrieve --out command to retrieve the contents of the vault and save them into the secret_exported.txt file. 
    $ ipa vault-retrieve my_vault --out secret_exported.txt
--------------------------------------
Retrieved data from vault "my_vault"
--------------------------------------
    Copy to Clipboard Toggle word wrap
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2026 Red HatNach oben