diff options
author | Jake Hunsaker <jhunsake@redhat.com> | 2022-04-19 17:28:07 -0400 |
---|---|---|
committer | Jake Hunsaker <jhunsake@redhat.com> | 2022-04-26 09:44:32 -0400 |
commit | a705fb1ce4f77d40f1dc40e535d49409d3681ed2 (patch) | |
tree | 7003cc072857bda342d350ae28dda429f4ab83f6 /man/en/sos.1 | |
parent | 68bb9d3aeb72726f9a4c13e7e36f71dc56390c63 (diff) | |
download | sos-a705fb1ce4f77d40f1dc40e535d49409d3681ed2.tar.gz |
[report,collect] Add env var and prompt options for encryption
Adds a new `--encrypt` option that may be used in place of the existing
encrypt-related options. If used alongside `--batch`, this new option
will cause sos to set encryption options based on the `SOSENCRYPTKEY` or
`SOSENCRYPTPASS` environment variables. This allows users to leverage
this functionality without potentially leaking the values into `ps`-like
output inside the archive.
If `--batch` is not used, then this option prompts the user to select
the type of method to use and then provide the value in-line, or to use
the env var option.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Diffstat (limited to 'man/en/sos.1')
-rw-r--r-- | man/en/sos.1 | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/man/en/sos.1 b/man/en/sos.1 index c335b7e1..2d5a9721 100644 --- a/man/en/sos.1 +++ b/man/en/sos.1 @@ -82,6 +82,26 @@ to be set across all components. .B \-\-batch Do not prompt interactively, user will not be prompted for any data .TP +.B \-\-encrypt +Encrypt the resulting archive, and determine the method by which that encryption +is done by either a user prompt or environment variables. + +When run with \fB--batch\fR, using this option will cause sos to look for either the +\fBSOSENCRYPTKEY\fR or \fBSOSENCRYPTPASS\fR environment variables. If set, this will +implicitly enable the \fB--encrypt-key\fR or \fB--encrypt-pass\fR options, respectively, +to the values set by the environment variable. This enables the use of these options +without directly setting those options in a config file or command line string. Note that +use of an encryption key has precedence over a passphrase. + +Otherwise, using this option will cause sos to prompt the user to choose the method +of encryption to use. Choices will be [P]assphrase, [K]ey, [E]nv vars, or [N]o encryption. +If passphrase or key the user will then be prompted for the respective value, env vars will +cause sos to source the information in the manner stated above, and choosing no encryption +will disable encryption. + +See the sections on \fB--encrypt-key\fR and \fB--encrypt-pass\fR below for more +information. +.TP .B \--encrypt-key KEY Encrypts the resulting archive that sosreport produces using GPG. KEY must be an existing key in the user's keyring as GPG does not allow for keyfiles. |