How to manage .pem, .crt, and other key files
This guide will explain how to deal with files that are completely secret, like
.crt, and other key files.
For files that are partially secret, checkout the config file guide.
This guide will show how to deal with TLS certificate keys, but the same principles can be applied to other secret files as well.
Before you begin
Before you start using SecretHub with key files, make sure you have completed the following steps:
1. Store the file on SecretHub
SecretHub can hold any type of value (they’re just bytes). To write the contents of a file to SecretHub, use write:
secrethub write --in-file <path to file> <path on SecretHub>
For example, to store the contents of the
example.com.key file at the
your-company/tls/example.com/key path on SecretHub:
secrethub write --in-file example.com.key your-company/tls/example.com/key
2. Retrieve the file from SecretHub
To write the contents of a secret back to a file, use read:
secrethub read --out-file <path to file> <path on SecretHub>
For example, to write the contents stored at
your-company/tls/example.com/key on SecretHub to the
secrethub read --out-file /etc/pki/tls/private/example.com.key your-company/tls/example.com/key