Verify operation

Verify operation of the Key Manager (barbican) service.

Note

Perform these commands on the controller node.

1. Install python-barbicanclient package:

   • For openSUSE and SUSE Linux Enterprise:

     $ zypper install python-barbicanclient
     

   • For Red Hat Enterprise Linux and CentOS:

     $ yum install python-barbicanclient
     

   • For Ubuntu:

     $ apt-get install python-barbicanclient
     

2. Source the admin credentials to be able to perform Barbican API calls:

   $ . admin-openrc
   

3. Use the OpenStack CLI to store a secret:

   $ openstack secret store --name mysecret --payload j4=]d21
   +---------------+-----------------------------------------------------------------------+
   | Field         | Value                                                                 |
   +---------------+-----------------------------------------------------------------------+
   | Secret href   | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa |
   | Name          | mysecret                                                              |
   | Created       | None                                                                  |
   | Status        | None                                                                  |
   | Content types | None                                                                  |
   | Algorithm     | aes                                                                   |
   | Bit length    | 256                                                                   |
   | Secret type   | opaque                                                                |
   | Mode          | cbc                                                                   |
   | Expiration    | None                                                                  |
   +---------------+-----------------------------------------------------------------------+
   

4. Confirm that the secret was stored by retrieving it:

   $ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa
   +---------------+-----------------------------------------------------------------------+
   | Field         | Value                                                                 |
   +---------------+-----------------------------------------------------------------------+
   | Secret href   | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa |
   | Name          | mysecret                                                              |
   | Created       | 2016-08-16 16:04:10+00:00                                             |
   | Status        | ACTIVE                                                                |
   | Content types | {'default': 'application/octet-stream'}                               |
   | Algorithm     | aes                                                                   |
   | Bit length    | 256                                                                   |
   | Secret type   | opaque                                                                |
   | Mode          | cbc                                                                   |
   | Expiration    | None                                                                  |
   +---------------+-----------------------------------------------------------------------+
   

   Note

   Some items are populated after the secret has been created and will only display when retrieving it.

5. Confirm that the secret payload was stored by retrieving it:

   $ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa --payload
   +---------+---------+
   | Field   | Value   |
   +---------+---------+
   | Payload | j4=]d21 |
   +---------+---------+