6.2.4.3 chwallet
Change authentication-related data in a local wallet.
Purpose
The chwallet
command changes ESCLI authentication-related data like
the user identifier and private key in a local wallet.
Syntax
chwallet --wallet wallet-location [ --attributes attribute=value[,attribute=value] ... ] [ --private-key-file pem-file [ --force ]] [ --fetch-trust-store ] [ { --trusted-cert-file trust-file-name } ] [ --clear-old-trusted-certs ] [ --private-key-remove ]
Command Options
The options for the chwallet
command are:
-
--wallet
: Identifies the wallet that is the subject of the operation. wallet-location must be specified as a directory location or SSO file location. The wallet must already exist. A wallet can be created using the ESCLImkwallet
command. -
--attributes
: Optionally specifies values for attributes of the wallet. -
--private-key-file
: Specifies a regular file location that contains a private key in PEM format. -
--force
: Optionally replaces the private key in the wallet without confirmation. This option works in conjunction with the--private-key-file
option. -
--fetch-trust-store
: Gets the trusted certificates from the Exascale storage cluster and stores them in the wallet. -
--trusted-cert-file
: Reads trusted certificates from the specified file and stores them in the wallet. You can use this option to read a PEM format file containing one trusted certificate. Or, you can use a file containing multiple trusted certificates, which is a concatenation of multiple PEM format files, each containing one trusted certificate. -
--clear-old-trusted-certs
: Removes all previous trusted certificates from the wallet.This option is useful for removing old and expired trusted certificates.
Note:
This option also removes manually added trusted certificates and trusted certificates not issued by the trustStore.
-
--private-key-remove
: Removes the private key from the wallet.
Examples
Example 6-32 Set a Private Key and User Identifier in a Wallet
The following example shows setting the private key and user identifier inside the
wallet at /home/user/user.wallet
.
@> chwallet --wallet /home/user/user.wallet --private-key-file /home/user/privatekey.pem --attributes user=0b9b8510-f88e-4f7b-ac57-10943c73dbe8
Example 6-33 Set the URL for the Exascale cluster services (EGS) in a Wallet
The following example shows setting the URL for the Exascale cluster services (EGS) inside the wallet at
/home/user/user.wallet
.
@> chwallet --wallet /home/user/user.wallet --attributes exaRootUrl="egs=egsexc4:192.0.2.217:5045 egs=egsexc4:192.0.2.218:5045 egs=egsexc4:192.0.2.219:5045"
Example 6-34 Fetch Trust Store Certificates to a Wallet
The following example gets the trusted certificates from the Exascale storage cluster and stores them in the specified wallet. The command also removes the certificates that previously resided in the wallet.
@> chwallet --wallet /home/user/user.wallet --fetch-trust-store --clear-old-trusted-certs
Example 6-35 Load Trust Store Certificates to a Wallet
The following examples read the trusted certificates from the specified PEM files and stores them in the specified wallet. Each command also removes the certificates that previously resided in the wallet.
Both examples are functionally equivalent assuming that
/tmp/concatenated-trust.pem
is a concatenation of
/tmp/trust1.pem
, /tmp/trust2.pem
, and
/tmp/trust3.pem
.
@> chwallet --wallet /home/user/user.wallet --trusted-cert-file /tmp/trust1.pem --trusted-cert-file /tmp/trust2.pem --trusted-cert-file /tmp/trust3.pem --clear-old-trusted-certs
@> chwallet --wallet /root/eswallet/ --trusted-cert-file /tmp/concatenated-trust.pem --clear-old-trusted-certs
Related Topics
Parent topic: Security and User Management