[Rspamd-Users] rspamadm vault rollover

lists at mlserv.org lists at mlserv.org
Wed May 13 11:01:10 UTC 2020


I have used vault/consul for one domain in testing mode for more than a year now. Yesterday I switched completely to vault/consul with all other domains.

For the one domain that was in testing mode, I had called:

rspamadm vault rollover roessner.email

which generated a new rsa and ed25519 key. I imported the pub keys into DNS. So far so good.

Today I ran:

rspamadm vault rollover -r roessner.email

in the hope that only expired keys would be removed, but unfortunately that generated a new pair of rsa and ed25519 keys.

I think I still do not understand the normal workflow.

I decided to completely delete the keys for roessner.email and create two new ones. So I have a clear new starting position.

But how do I have to proceed in future? Could someone please explain step-by-step the necessary commands? I have read the documentation on the website, but as you see, I still don't get it right.

Would be nice to see it for

rspamadm vault create --bits 2048 example.com
rspamadm vault create --algorithm ed25519 example.com

Does it require expire options? TTLS whatever? Steps to rollover.

Many thanks in advance

Karl-Bröger-Str. 10, 36304 Alsfeld
Fax: +49 6631 78823409, Mobil: +49 171 9905345
USt-IdNr.: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5 
