Closed felsgaertner closed 5 months ago
With jq == https://github.com/jqlang/jq
Hello @felsgaertner .
Yes, both should be possible. Indeed, it is being done in the clevis test suite: https://github.com/RedHat-SP-Security/clevis-tests/blob/master/Sanity/automate-clevis-luks-bind/runtest.sh#L60
Hope this helps
Thanks, seems to be parameter -k for key files.
Hello,
two short questions, may be feature requests:
1) clevis luks bind always asks for a passphrase that I have to enter manually. Is it possible to provide a key file instead of a passphrase, which would be cryptsetup's option --key-file?
2) As discussed in https://github.com/latchset/clevis/issues/444#issuecomment-1863071248, a config could become longer and therefore hard to read/verify. Is it possible to provide the pin config as file? So e.g. if the config is a file instead of a json object, take the config parameter as file name and use the file contents for jose etc.
Without that one would have to do things like subshell expansion to compact a readable multi line JSON to a single string for command line as a workaround, e.g. for SSS