Kops create secret ciliumpassword

kops create secret ciliumpassword

Create a Cilium encryption key.

Synopsis

Create a new Cilium encryption secret and store it in the state store. Cilium uses this secret to encrypt communication between pods and nodes.

kops create secret ciliumpassword [flags]


Examples

  # Create a new cilium encryption key.
  # CLUSTER_NAME is a placeholder for your cluster's name.
  kops create secret ciliumpassword -f /path/to/ciliumpassword \
  --name "${CLUSTER_NAME}" --state s3://my-state-store

  # Create a new cilium encryption key via stdin.
  cat <<EOF | kops create secret ciliumpassword --name "${CLUSTER_NAME}" --state s3://my-state-store -f -
  keys: $(echo "3 rfc4106(gcm(aes)) $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null | xxd -p -c 64)) 128")
  EOF

  # Replace an existing ciliumpassword secret
  kops create secret ciliumpassword -f /path/to/ciliumpassword --force \
  --name "${CLUSTER_NAME}" --state s3://my-state-store
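
The examples pass `/path/to/ciliumpassword` to `-f` without showing how that file is produced. The script below is an added example, not part of the kOps documentation: it writes a key file in the shape of the stdin example, readable only by the current user, and validates it before it is handed to kops. The function names and the script name are hypothetical, and `od` is used in place of `xxd`.

```bash
#!/usr/bin/env bash
# Added example: create and check a ciliumpassword file before passing it to kops -f.
set -eu

# Print one "keys:" line in the shape of the stdin example on this page:
# key id, algorithm, 20 random bytes as hex, trailing 128.
gen_cilium_keys_line() {
  key_id="${1:-3}"
  # od is used here instead of xxd because it is available on any POSIX system.
  hex="$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | od -An -v -tx1 | tr -d ' \n')"
  printf 'keys: %s rfc4106(gcm(aes)) %s 128\n' "$key_id" "$hex"
}

# Succeed only if the file holds exactly one line of that shape (40 hex chars = 20 bytes).
validate_cilium_keys_file() {
  file="$1"
  [ "$(wc -l < "$file" | tr -d ' ')" = "1" ] || return 1
  grep -Eq '^keys: [0-9]+ rfc4106\(gcm\(aes\)\) [0-9a-f]{40} 128$' "$file"
}

# Write the key to a new file readable only by the current user.
# noclobber (set -C) refuses to overwrite an existing key file.
write_cilium_keys_file() {
  out="$1"
  ( umask 077; set -C; gen_cilium_keys_line "${2:-3}" > "$out" ) || return 1
  validate_cilium_keys_file "$out"
}

# Usage: ./make-ciliumpassword.sh /path/to/ciliumpassword [key-id]
if [ "$#" -ge 1 ]; then
  write_cilium_keys_file "$1" "${2:-3}"
  echo "wrote $1; pass it to: kops create secret ciliumpassword -f $1"
fi
```

Writing the key to a mode 0600 file keeps it out of shell history and away from other local users; delete the file once the secret is in the state store.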


Options

  -f string       Path to the cilium encryption config file
      --force     Force replace the kOps secret if it already exists
  -h, --help      help for ciliumpassword

Options inherited from parent commands

      --add_dir_header                   If true, adds the file directory to the header of the log messages
      --alsologtostderr                  log to standard error as well as files
      --config string                    yaml config file (default is $HOME/.kops.yaml)
      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
      --log_dir string                   If non-empty, write log files in this directory
      --log_file string                  If non-empty, use this log file
      --log_file_max_size uint           Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --logtostderr                      log to standard error instead of files (default true)
      --name string                      Name of cluster. Overrides KOPS_CLUSTER_NAME environment variable
      --one_output                       If true, only write logs to their native severity level (vs also writing to each lower severity level)
      --skip_headers                     If true, avoid header prefixes in the log messages
      --skip_log_headers                 If true, avoid headers when opening log files
      --state string                     Location of state storage (kops 'config' file). Overrides KOPS_STATE_STORE environment variable
      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
  -v, --v Level                          number for the log level verbosity
      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging