Add host encryption keys to dtcli

Root manifests uploaded to Disk & Tape Cloud are encrypted with private, per-host keys. The keys themselves are not stored in the cloud and thus must be added to the client application manually. This only needs to be done once per host.

  1. Run the "dtcli fetch -v" command

     When you see the "AES key is not known" error, re-run the "dtcli fetch" command with the "-v" option. It will report the generating host for which the encryption key is not available.

     Command Prompt
     # Example
     johndoe@client-pc:~$ dtcli fetch -v
     Registered hosts: 1
     adc9cc07-df19-46e5-8f00-033d26938105: linux-server
     Registered roots: 1
     f3fd65b4-e3a2-41d4-98d4-93fca62c2ef8: My files on linux-server
     Downloading root manifests...
     Downloading the latest root manifest for My files...
     - blob ID is 00a5a492-e813-422b-ab01-c20084380ed9
     - downloaded 78,933 bytes
     - generating host: linux-server (adc9cc07-df19-46e5-8f00-033d26938105)
     *** ERROR: Unable to decrypt the manifest: the AES key is not known. Run the "dtcli add_host_key" command to add it.

  2. Run the "dtrm --show-aes-key" command on the host in question

     Command Prompt
     # Example
     johndoe@linux-server:~$ dtrm --show-aes-key
     This host is registered with Disk & Tape Cloud.
     Host name: linux-server
     Host ID: adc9cc07-df19-46e5-8f00-033d26938105
     Host API key: (hidden for security reasons, use "--show-api-key" to reveal)
     Host AES key: 40a8SfSZlXsAJreO5fhmGmS4BuRjBsNPY2jA81KI7pM=
     D&T account: johndoe (00000000-d1bf-4e49-afc9-368ce3717fb2)
     Done.

  3. Run the "dtcli add_host_key" command on the client machine

     The first command argument is the host name. The second command argument is the host AES key.

     Command Prompt
     # Example
     johndoe@client-pc:~$ dtcli add_host_key linux-server "40a8SfSZlXsAJreO5fhmGmS4BuRjBsNPY2jA81KI7pM="
     A host key for host adc9cc07-df19-46e5-8f00-033d26938105 has been added.
     Done.

  4. Re-run the "dtcli fetch" command

     Check that all root manifests have been decrypted successfully.
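
The key transfer between the "dtrm --show-aes-key" and "dtcli add_host_key" steps can be checked before the key is added. The script below is an added example, not part of dtcli or dtrm: it parses the dtrm output shown above and prints the matching add_host_key command, refusing a truncated or mistyped key. The function names, the one-field-per-line output layout, the 32-byte base64 key shape (inferred from the sample key) and the host name character set are assumptions.

```shell
#!/bin/sh
# Added example (not part of dtcli/dtrm): turn `dtrm --show-aes-key` output
# into the matching `dtcli add_host_key` command line.

# Constructed sample input: the example output from this page, one field
# per line (assumed layout).
SAMPLE_DTRM_OUTPUT='This host is registered with Disk & Tape Cloud.
Host name: linux-server
Host ID: adc9cc07-df19-46e5-8f00-033d26938105
Host API key: (hidden for security reasons, use "--show-api-key" to reveal)
Host AES key: 40a8SfSZlXsAJreO5fhmGmS4BuRjBsNPY2jA81KI7pM=
D&T account: johndoe (00000000-d1bf-4e49-afc9-368ce3717fb2)
Done.'

# extract_field LABEL: print the value of the first "LABEL: value" line
# read from stdin, with surrounding whitespace removed.
extract_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | sed 's/[[:space:]]*$//' | head -n 1
}

# key_looks_valid KEY: assumption based on the sample key, 32 bytes encoded
# as base64 = 43 alphabet characters followed by one "=" pad.
key_looks_valid() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# build_add_host_key: read dtrm output on stdin, print the dtcli command.
# Returns 1 if a field is missing, 2 if the name or key fails its shape check.
build_add_host_key() {
    dtrm_output=$(cat)
    host_name=$(printf '%s\n' "$dtrm_output" | extract_field 'Host name')
    aes_key=$(printf '%s\n' "$dtrm_output" | extract_field 'Host AES key')
    [ -n "$host_name" ] && [ -n "$aes_key" ] || return 1
    # Assumed host name alphabet; anything else is rejected rather than quoted.
    printf '%s\n' "$host_name" | grep -Eq '^[A-Za-z0-9._-]+$' || return 2
    key_looks_valid "$aes_key" || return 2
    printf 'dtcli add_host_key %s "%s"\n' "$host_name" "$aes_key"
}

# Stand-alone run: print the command for the sample output.
printf '%s\n' "$SAMPLE_DTRM_OUTPUT" | build_add_host_key
```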