command line tools for redacting keyring from snapshots (#24023)

In #23977 we moved the keyring into Raft, which can expose key material in Raft snapshots when using the less-secure AEAD keyring instead of KMS. This changeset adds tools for redacting this material from snapshots: * The `operator snapshot state` command gains the ability to display key metadata (only), which respects the `-filter` option. * The `operator snapshot save` command gains a `-redact` option that removes key material from the snapshot after it's downloaded. * A new `operator snapshot redact` command allows removing key material from an existing snapshot.
2026-01-06 18:35:44 +03:00 · 2024-09-20 15:30:14 -04:00
parent 9247dc9108
commit a7f2cb879e
14 changed files with 415 additions and 40 deletions
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -937,6 +937,10 @@
                "title": "inspect",
                "path": "commands/operator/snapshot/inspect"
              },
+              {
+                "title": "redact",
+                "path": "commands/operator/snapshot/redact"
+              },
              {
                "title": "restore",
                "path": "commands/operator/snapshot/restore"