Since V3.6.0, obd supports encryption of configuration files through the obdiag tool crypto_config command. This article will introduce the specific use.
Function introduction
This command is used to encrypt the obdiag configuration file. You can use the encrypted configuration file with the --config_password option when using the obdiag function.
After the configuration file is encrypted, a new file (hereinafter collectively referred to as: encrypted file) will be generated under the original path, with the file suffix .encrypted.
Command introduction
You can configure the -h option after the command to view command help:
obdiag tool crypto_config -h
The output is as follows:
Usage: obdiag tool crypto_config [options]
Options:
--config_password=CONFIG_PASSWORD
config password
--inner_config=INNER_CONFIG
change inner config.
--key=KEY the key to encrypt or decrypt
--file=FILE the file path to encrypt or decrypt
--encrypted_file=ENCRYPTED_FILE
the file path to encrypt
-h, --help Show help and exit.
-v, --verbose Activate verbose output.
The options are explained below:
Option |
Required? |
Type |
Default |
Description |
|---|---|---|---|---|
| --config_password | No | string | Default is empty | obdiag When using an encrypted configuration file, you need to pass in the corresponding password through this option. |
| --key | No | string | ./rca |
Password used to encrypt or decrypt the configuration file. |
| --file | No | string | Empty | Path of the plaintext configuration file to encrypt. |
| --encrypted_file | No | string | Empty | Path of the encrypted file; required for decrypt or password verify. |
| --inner_config | No | string | Default is empty | obdiag's own configuration. Fixed format: --inner_config key1=value1 --inner_config key2=value2.
NoteFor parameters supported here, see Configure obdiag, section System configuration file (obdiag inner config). |
Usage example
Encryption configuration file
- Method 1: encrypt with a key on the command line
obdiag tool crypto_config --file ~/.obdiag/config.yml --key=<your_secret_key>
This is just an example. In actual use, you need to configure it according to the actual file path and replace <your_secret_key> with the actual key.
- Method 2: Interactively enter the key
obdiag tool crypto_config --file ~/.obdiag/config.yml
# You will be prompted for the key; type it and press Enter
This is just an example. In actual use, you need to configure it according to the actual file path.
Decrypt configuration file
When decrypting the configuration file, the successfully decrypted configuration file will only be printed from the command line and will not affect other files and will not be saved.
obdiag tool crypto_config --encrypted_file=~/.obdiag/config.yml.encrypted --key=<your_secret_key>
This is just an example. In actual use, you need to configure it according to the actual file path and replace <your_secret_key> with the actual key.
Verify that the password is correct
obdiag tool crypto_config --encrypted_file=~/.obdiag/config.yml.encrypted --key=<your_secret_key> --file=~/.obdiag/config.yml
This is just an example. In actual use, you need to configure it according to the actual file path and replace <your_secret_key> with the actual key.
Use encrypted configuration files
Here we take the use of encrypted configuration files for full inspection as an example to introduce how to use:
obdiag check run -c ~/.obdiag/config.yml.encrypted --config_password=<your_secret_key>
This is just an example. In actual use, you need to configure it according to the actual file path and replace <your_secret_key> with the actual key.