From a3b2e44fb4ccab1d234d65b2eaa726776e5d97c8 Mon Sep 17 00:00:00 2001
From: Daniel Wagner
Date: Wed, 23 Oct 2024 11:39:32 +0200
Subject: [PATCH] docs: update TLS options

With the added support to also accept the key via the command line update the documentation accordingly.

Signed-off-by: Daniel Wagner
---
 Documentation/nvme-connect.txt | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/Documentation/nvme-connect.txt b/Documentation/nvme-connect.txt
index 0112e110..a18ff0b8 100644
--- a/Documentation/nvme-connect.txt
+++ b/Documentation/nvme-connect.txt
@@ -26,7 +26,8 @@ SYNOPSIS
 [--keep-alive-tmo=<#> | -k <#>] [--reconnect-delay=<#> | -c <#>] [--ctrl-loss-tmo=<#> | -l <#>] [--tos=<#> | -T <#>]
- [--keyring=<#>] [--tls_key=<#>]
+ [--keyring=] [--tls-key=]
+ [--tls-key-identity=]
 [--duplicate-connect | -D] [--disable-sqflow ] [--hdr-digest | -g] [--data-digest | -G] [--tls] [--concat] [--dump-config | -O] [--application=]
@@ -151,11 +152,22 @@ OPTIONS
 --tos=<#>::
 Type of service for the connection (TCP)

---keyring=<#>::
- Keyring for TLS key lookup.
-
---tls_key=<#>::
- TLS key for the connection (TCP).
+--keyring=::
+ Keyring for TLS key lookup, either the key id or the keyring name.
+
+--tls-key=::
+ TLS key for the connection (TCP), either the TLS key in
+ interchange format or the key id. It's strongly recommended not
+ to provide the TLS key via the comamnd line due to security
+ concerns. Instead in production situation, the key should be
+ loaded into the keystore with 'nvme tls --import' and only the
+ '--tls' options used. The kernel will select the matching key.
+
+--tls-key-identity=::
+ The identity used for the tls-key. If none is provided the
+ tls-key provided via the comamnd line is considered a
+ configuration key and a derive key will be loaded into the
+ keyring.

 -D::
 --duplicate-connect::
-- 
2.50.1