Breadcrumbs

Generating a Symmetric Key in OpenStack Barbican

  1. Generate a new 256-bit key using openstack secret order create command and store it in Barbican.

›_ Console

# openstack secret order create --name app_key --algorithm aes --mode ctr --bit-length 256 --payload-content-type=application/octet-stream key


SymmetricKeyCreated.png

Symmetric key created and stored in Barbican

  1. You can also verify the encryption operation logging in PKCS11 log file cs_pkcs11_R2.log during secret generation as shown below.

SymmetricKeyCreated_Logs_PKCS11.png


PKCS#11 logs showing key encryption

  1. View the details of the order to identify the location of the generated key, shown here as the Secret href value.

›_ Console

# openstack secret order get <order_href>


GetSecretOrder.png


Viewing order details

  1. Retrieve the details of the secret.

›_ Console

# openstack secret get <secret_href>


GetSecretFromOrder.png


Viewing secret details

  1. Alternatively, you can list the symmetric key that has been generated by the command below.

›_ Console

# openstack secret list


SymmetricKey_SecretList.png


Symmetric key in secret list