aboutsummaryrefslogtreecommitdiffstats
path: root/man/en/sos.1
diff options
context:
space:
mode:
authorJake Hunsaker <jhunsake@redhat.com>2022-04-19 17:28:07 -0400
committerJake Hunsaker <jhunsake@redhat.com>2022-04-26 09:44:32 -0400
commita705fb1ce4f77d40f1dc40e535d49409d3681ed2 (patch)
tree7003cc072857bda342d350ae28dda429f4ab83f6 /man/en/sos.1
parent68bb9d3aeb72726f9a4c13e7e36f71dc56390c63 (diff)
downloadsos-a705fb1ce4f77d40f1dc40e535d49409d3681ed2.tar.gz
[report,collect] Add env var and prompt options for encryption
Adds a new `--encrypt` option that may be used in place of the existing encrypt-related options. If used alongside `--batch`, this new option will cause sos to set encryption options based on the `SOSENCRYPTKEY` or `SOSENCRYPTPASS` environment variables. This allows users to leverage this functionality without potentially leaking the values into `ps`-like output inside the archive. If `--batch` is not used, then this option prompts the user to select the type of method to use and then provide the value in-line, or to use the env var option. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Diffstat (limited to 'man/en/sos.1')
-rw-r--r--man/en/sos.120
1 files changed, 20 insertions, 0 deletions
diff --git a/man/en/sos.1 b/man/en/sos.1
index c335b7e1..2d5a9721 100644
--- a/man/en/sos.1
+++ b/man/en/sos.1
@@ -82,6 +82,26 @@ to be set across all components.
.B \-\-batch
Do not prompt interactively, user will not be prompted for any data
.TP
+.B \-\-encrypt
+Encrypt the resulting archive, and determine the method by which that encryption
+is done by either a user prompt or environment variables.
+
+When run with \fB--batch\fR, using this option will cause sos to look for either the
+\fBSOSENCRYPTKEY\fR or \fBSOSENCRYPTPASS\fR environment variables. If set, this will
+implicitly enable the \fB--encrypt-key\fR or \fB--encrypt-pass\fR options, respectively,
+to the values set by the environment variable. This enables the use of these options
+without directly setting those options in a config file or command line string. Note that
+use of an encryption key has precedence over a passphrase.
+
+Otherwise, using this option will cause sos to prompt the user to choose the method
+of encryption to use. Choices will be [P]assphrase, [K]ey, [E]nv vars, or [N]o encryption.
+If passphrase or key the user will then be prompted for the respective value, env vars will
+cause sos to source the information in the manner stated above, and choosing no encryption
+will disable encryption.
+
+See the sections on \fB--encrypt-key\fR and \fB--encrypt-pass\fR below for more
+information.
+.TP
.B \--encrypt-key KEY
Encrypts the resulting archive that sosreport produces using GPG. KEY must be
an existing key in the user's keyring as GPG does not allow for keyfiles.