1. Exascale User's Guide
  2. Using ESCLI
  3. ESCLI Command Reference
  4. Security and User Management
  5. chwallet

6.2.4.3 chwallet

Change authentication-related data in a local wallet.

Purpose

The chwallet command changes ESCLI authentication-related data like the user identifier and private key in a local wallet.

Syntax

chwallet  --wallet wallet-location [ --attributes attribute=value[,attribute=value] ... ] [ --private-key-file pem-file [ --force ]] [ --fetch-trust-store ] [ { --trusted-cert-file trust-file-name } ] [ --clear-old-trusted-certs ] [ --private-key-remove ]

Command Options

The options for the chwallet command are:

  • --wallet: Identifies the wallet that is the subject of the operation. wallet-location must be specified as a directory location or SSO file location. The wallet must already exist. A wallet can be created using the ESCLI mkwallet command.

  • --attributes: Optionally specifies values for attributes of the wallet.

  • --private-key-file: Specifies a regular file location that contains a private key in PEM format.

  • --force: Optionally replaces the private key in the wallet without confirmation. This option works in conjunction with the --private-key-file option.

  • --fetch-trust-store: Gets the trusted certificates from the Exascale storage cluster and stores them in the wallet.

  • --trusted-cert-file: Reads trusted certificates from the specified file and stores them in the wallet. You can use this option to read a PEM format file containing one trusted certificate. Or, you can use a file containing multiple trusted certificates, which is a concatenation of multiple PEM format files, each containing one trusted certificate.

  • --clear-old-trusted-certs: Removes all previous trusted certificates from the wallet.

    This option is useful for removing old and expired trusted certificates.

    Note:

    This option also removes manually added trusted certificates and trusted certificates not issued by the trustStore.

  • --private-key-remove: Removes the private key from the wallet.

Examples

Example 6-32 Set a Private Key and User Identifier in a Wallet

The following example shows setting the private key and user identifier inside the wallet at /home/user/user.wallet. 

@> chwallet --wallet /home/user/user.wallet --private-key-file /home/user/privatekey.pem --attributes user=0b9b8510-f88e-4f7b-ac57-10943c73dbe8

Example 6-33 Set the URL for the Exascale cluster services (EGS) in a Wallet

The following example shows setting the URL for the Exascale cluster services (EGS) inside the wallet at /home/user/user.wallet. 

@> chwallet --wallet /home/user/user.wallet --attributes exaRootUrl="egs=egsexc4:192.0.2.217:5045 egs=egsexc4:192.0.2.218:5045 egs=egsexc4:192.0.2.219:5045"

Example 6-34 Fetch Trust Store Certificates to a Wallet

The following example gets the trusted certificates from the Exascale storage cluster and stores them in the specified wallet. The command also removes the certificates that previously resided in the wallet.

@> chwallet --wallet /home/user/user.wallet --fetch-trust-store --clear-old-trusted-certs

Example 6-35 Load Trust Store Certificates to a Wallet

The following examples read the trusted certificates from the specified PEM files and stores them in the specified wallet. Each command also removes the certificates that previously resided in the wallet.

Both examples are functionally equivalent assuming that /tmp/concatenated-trust.pem is a concatenation of /tmp/trust1.pem, /tmp/trust2.pem, and /tmp/trust3.pem. 

@> chwallet --wallet /home/user/user.wallet --trusted-cert-file /tmp/trust1.pem --trusted-cert-file /tmp/trust2.pem --trusted-cert-file /tmp/trust3.pem --clear-old-trusted-certs
@> chwallet --wallet /root/eswallet/ --trusted-cert-file /tmp/concatenated-trust.pem --clear-old-trusted-certs

Related Topics

Parent topic: Security and User Management