WIP keep trash bin keys (fixup! WIP doc/operation: describe cleanup of removed legacy DNSSEC keys)

David Vašek 2026-05-26 17:12:40 +02:00
parent fade240f38
commit e7239cb3c1


@ -1451,6 +1451,7 @@ tools, like in the following example sequence of shell commands (for a PEM kesyt
$ knotc -b zone-freeze
$ keymgr -l | while read zone; do keymgr "${zone}" list; done | \
sed 's@ .*$@.pem\$@' > ~/active_keys.pattern
$ keymgr -- trash-list | sed 's@ .*$@.pem\$@' >> ~/active_keys.pattern
$ find $KEYSTORE -maxdepth 1 -type f | grep -v -f ~/active_keys.pattern | xargs rm
$ knotc -b zone-thaw
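Review bot: Nothing in this sequence checks that `~/active_keys.pattern` actually holds the key list before the `grep -v -f ~/active_keys.pattern | xargs rm` line runs. If the `keymgr` calls fail or print nothing, the pattern file is empty, `grep -v -f` then lets every keystore file through, and `rm` removes all keys, including the trash-bin keys this change means to keep. I would guard the destructive step, e.g. `$ test -s ~/active_keys.pattern && find $KEYSTORE -maxdepth 1 -type f | grep -v -f ~/active_keys.pattern | xargs rm`. The text should also tell the operator to review the list of files to be removed first, since a partial `keymgr` failure for a single zone would presumably still leave a non-empty but incomplete pattern file. The PKCS #11 sequence in the next hunk builds its pattern file the same way, though its deletion step lies outside the visible lines.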
@ -1464,6 +1465,7 @@ or for a PKCS #11 keystore (using the ``p11tool`` command from
$ knotc -b zone-freeze
$ keymgr -l | while read zone; do keymgr "${zone}" list; done | \
sed 's@ .*$@@' > ~/active_keys
$ keymgr -- trash-list | sed 's@ .*$@@' >> ~/active_keys
$ sed "s/../%&/g;s/[a-z]/\U&/g;s/^/id=/;s/$/\;/" < ~/active_keys > ~/active_keys.pattern
$ p11tool --login --set-pin $MYPIN --list-all-privkeys --only-urls $MYTOKEN | \
grep -v -f ~/active_keys.pattern | \