How to manage .pem, .crt, and other key files
This guide will explain how to deal with files that are completely secret, like .pem, .crt, and other key files.
For files that are partially secret, checkout the config file guide.
This guide will show how to deal with TLS certificate keys, but the same principles can be applied to other secret files as well.
Before you begin
Before you start using SecretHub with key files, make sure you have completed the following steps:
- Set up SecretHub on your workstation.
Step 1: Store the file on SecretHub
SecretHub can hold any type of value (they’re just bytes). To write the contents of a file to SecretHub, use write:
secrethub write --in-file <path to file> <path on SecretHub>
For example, to store the contents of the example.com.key file at the your-company/tls/example.com/key path on SecretHub:
secrethub write --in-file example.com.key your-company/tls/example.com/key
Step 2: Retrieve the file from SecretHub
To write the contents of a secret back to a file, use read:
secrethub read --out-file <path to file> <path on SecretHub>
For example, to write the contents stored at your-company/tls/example.com/key on SecretHub to the example.com.key file:
secrethub read --out-file /etc/pki/tls/private/example.com.key your-company/tls/example.com/key
