zkey kms list
Use the zkey kms list command to list encryption keys.
Notes:
- 1 The default lists keys that the current secure key repository can use.
- -B or --label <key_label>
- Specifies the label of the secure key in the KMS. Use wildcards to list multiple secure keys. If you use wildcards, enclose the value in quotation marks.
- -N or --name <key_name>
- Specifies the key name of the secure key.
- -l or --volumes <vol_name>
- You can filter the list by the volumes that are associated with a key. Each volume association
specifies the name of the block device, for example /dev/mapper/disk1, and the
device mapper name separated by a colon.Separate multiple volume associations with a comma, for example:
# zkey kms list -l /dev/mapper/disk1:enc-disk1,/dev/mapper/disk2:enc-disk2
- -t or --volume-type <vol_type>
- Filters the list by volume type of the associated volumes used with dm-crypt. Possible values are PLAIN or LUKS2
EKMF Web only:
- -s or --states <states>
- Filters the list by key states. Separate multiple states with a comma. Possible states are
PREACTIVATION, ACTIVE, DEACTIVATED, COMPROMISED, DESTROYED, and DESTROYED-COMPROMISED.
The default is to list the ACTIVE keys.
- -a or --all
- Lists all keys that can be used for volume encryption.
By default, keys that can be exported to this secure key repository are listed.
Examples
- To list secure keys managed by the key-management system,
regardless of whether the zkey client is allowed to use
it:
# zkey kms list --all
- Using an EKMF Web plug-in, to list secure keys managed by EKMF Web, which this zkey client is allowed to use and are in
state ACTIVE:
# zkey kms list
- Using an EKMF Web plug-in, to list secure keys managed by EKMF Web, which this zkey client is allowed to use, and are
in ACTIVE or DEACTIVATED state:
# zkey kms list --states ACTIVE,DEACTIVATED