Initialize Rot
How to initialize Rot
In this guide, we’ll go over initializing a new Rot configuration.
Initialization Process
Out of the box, Rot doesn’t know about any keys or values. Rot can perform ad-hoc encryption and decryption using rot encrypt and rot decrypt, but long term storage and sharing of secrets must be done using a shared configuration.
Rot is initialized using rot init. This command will create a new configuration within the current directory (or wherever configpath points to). A Keyring name and initial public key can be provided, as well as enabling Encrypted Value Names and Metadata; otherwise, Rot will generate these. This command performs these actions:
- Create a new Keyring
- Generate the Keyring Private Key and Keyring Public Key.
- If a public key is not specified, generate a Decrypt Private Key and Decrypt Public Key. Rot will also save the User Private Key to the keypath, defaulting to .rot-keys
- Generate private and public keys for the Keyring.
- Encrypt the Keyring Private Key with the Decrypt Public Key and create a signature of the Decrypt Public Key.
- Populate the config values and save the configuration to Config > dataPath.
If rot init is run again, a warning will appear to prevent accidental overwriting.
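The initialization steps listed above, sketched in Go as an added example (this is not Rot's own code). The algorithms (RSA-OAEP to encrypt the Keyring Private Key, Ed25519 for the Keyring key pair), the choice of the Keyring key as the signer of the Decrypt Public Key, and the names Config, Init and Unwrap are all assumptions, since this page does not specify them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

type Config struct{ KeyringPub, DecryptPub, DecryptPubSig, WrappedKey []byte } // hypothetical, not Rot's format

// Init generates a Decrypt key pair only when no public key is given, then wraps and signs.
func Init(pub *rsa.PublicKey) (c Config, priv *rsa.PrivateKey, err error) {
	if pub == nil { // no public key specified: generate the Decrypt key pair
		if priv, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return
		}
		pub = &priv.PublicKey
	}
	kPub, kPriv, err := ed25519.GenerateKey(rand.Reader) // Keyring key pair
	if err != nil {
		return
	}
	dp := x509.MarshalPKCS1PublicKey(pub) // also used as OAEP label to bind the ciphertext
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, kPriv.Seed(), dp)
	if err != nil {
		return
	}
	return Config{kPub, dp, ed25519.Sign(kPriv, dp), wrapped}, priv, nil
}

// Unwrap rejects a config whose Decrypt Public Key signature fails, then decrypts the Keyring Private Key.
func Unwrap(c Config, priv *rsa.PrivateKey) (ed25519.PrivateKey, error) {
	if len(c.KeyringPub) != ed25519.PublicKeySize || !ed25519.Verify(c.KeyringPub, c.DecryptPub, c.DecryptPubSig) {
		return nil, fmt.Errorf("decrypt public key signature invalid")
	}
	seed, err := rsa.DecryptOAEP(sha256.New(), nil, priv, c.WrappedKey, c.DecryptPub)
	if err != nil || len(seed) != ed25519.SeedSize {
		return nil, fmt.Errorf("unwrap failed: %v", err)
	}
	return ed25519.NewKeyFromSeed(seed), nil
}

func main() {
	c, priv, _ := Init(nil) // nil: Init generates the Decrypt key pair
	_, err := Unwrap(c, priv)
	fmt.Println("round trip error:", err)
}
```

In this sketch the generated Decrypt Private Key is returned to the caller; Rot itself saves the private key under the keypath as described above.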