From 812c271cec18a858e284e1a7e14d89be583ab31e Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Mon, 17 Feb 2025 20:31:19 +0530 Subject: [PATCH 01/18] [Docs] Add examples for creating and managing EAR-enabled clusters with CMK --- .../managed-cli-example-create.md | 135 ++++++++++++++++++ 1 file changed, 135 insertions(+) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index 84f4bfb1bc9..1e761fa375e 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -213,6 +213,141 @@ Name Tier Version State Health Regions my-multi-region Dedicated 2.14.7.0-b51 ACTIVE 💚 us-central1,+2 3 6 / 24GB / 600GB ``` +## Create, update, and describe an EAR-enabled cluster + +### Create an EAR-enabled cluster + +Use the following commands to create a new cluster with Encryption at Rest (EAR) enabled using a customer-managed key (CMK) in AWS, GCP, or Azure. + +AWS: + +```sh +ybm cluster create --encryption-spec cloud-provider=AWS,aws-secret-key=,aws-access-key= +``` + +GCP: + +```sh +ybm cluster create --encryption-spec cloud-provider=GCP,gcp-resource-id=projects//locations//keyRings//cryptoKeys/,gcp-service-account-path=creds.json +``` + +Azure: + +```sh +ybm cluster create --encryption-spec cloud-provider=AZURE,azu-client-id=,azu-client-secret=,azu-tenant-id=,azu-key-name=test-key,azu-key-vault-uri= +``` + +### Describe an EAR-enabled cluster + +Use the following commands to display the CMK configuration details for a specific cluster. + +AWS: + +```sh +ybm cluster describe --cluster-name test-cluster-azure +``` + +```output +General +Name ID Version State Health +test-cluster-azure b1676d3f-8898-4c04-a1d6-bedf5b7867ff 2.18.3.0-b75 ACTIVE 💚 + +Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) +AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 + +... + +Encryption at Rest +Provider Key Alias Last Rotated Security Principals CMK Status +AWS 0a80e409-e345-42fc-b456-bafXXXXXXb2c 2023-11-03T07:37:26.351Z arn:aws:kms:us-east-1:745843456716:key/41c64d5g-c97d-472c-889e-0dXXXXXXXXXX ACTIVE +... +``` + +Azure: + +```sh +ybm cluster describe --cluster-name test-cluster-azure +``` + +```output +General +Name ID Version State Health +test-cluster-azure b1676d3f-8898-4c04-a1d6-bedf5b7867ff 2.18.3.0-b75 ACTIVE 💚 + +Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) +AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 + +... + +Encryption at Rest +Provider Key Alias Last Rotated Security Principals CMK Status +AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z https://test-azure-gj.vault.azure.net/ ACTIVE +... +``` + +GCP: + +```sh +ybm cluster describe --cluster-name test-cluster-azure +``` + +```output +General +Name ID Version State Health +test-cluster-azure b1676d3f-8898-4c04-a1d6-XXXXXXXXXXXX 2.18.3.0-b75 ACTIVE 💚 + +Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) +AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 + +... + +Encryption at Rest +Provider Key Alias Last Rotated Security Principals CMK Status +GCP GCP-test-key 2023-11-03T07:37:26.351Z projects//locations/global/keyRings/GCP-test-key-ring/cryptoKeys/GCP-test-key ACTIVE + +... +``` + +### Update CMK configuration + +Use the following commands to update the CMK configuration. If no existing configuration is found, the command creates a new one; otherwise, it updates the current configuration. + +Note: Only credentials can be modified in the current configuration (for example, AWS access/secret keys or GCP service account credentials). + +AWS: + +```sh +ybm cluster encryption update --encryption-spec cloud-provider=AWS,aws-secret-key=,aws-access-key= +``` + +GCP: + +```sh +ybm cluster encryption update --encryption-spec resource-id=projects/yugabyte/locations/global/keyRings/test-byok/cryptoKeys/key1,k= +``` + +Azure: + +```sh +ybm cluster encryption update --encryption-spec cloud-provider=AZURE,azu-client-id=,azu-client-secret=,azu-tenant-id=,azu-key-name=test-key,azu-key-vault-uri= +``` + +### Update CMK state + +Use the following commands to enable or disable the CMK state. + +#### enable CMK + +```sh +ybm cluster encryption update-state --cluster-name test-cluster-arishta --enable +``` + +#### disable CMK + +```sh +ybm cluster encryption update-state --cluster-name test-cluster-arishta --disable +``` + ## Pause, resume, and terminate To list your clusters, enter the following command: From 68d16e592343e3813cbc7d5ad31437c1141097b3 Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Tue, 18 Feb 2025 10:36:14 +0530 Subject: [PATCH 02/18] Apply suggestions from code review Co-authored-by: Dwight Hodge <79169168+ddhodge@users.noreply.github.com> --- .../managed-cli-examples/managed-cli-example-create.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index 1e761fa375e..fb94dbe05f8 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -213,11 +213,13 @@ Name Tier Version State Health Regions my-multi-region Dedicated 2.14.7.0-b51 ACTIVE 💚 us-central1,+2 3 6 / 24GB / 600GB ``` -## Create, update, and describe an EAR-enabled cluster +## Encryption at rest + +YugabyteDB Aeon supports [encryption at rest](../../../../cloud-secure-clusters/managed-ear) (EAR). Before you can create a cluster with EAR, you need to create a customer managed key (CMK) in a cloud provider Key Management Service (KMS). See [Prerequisites](../../../../cloud-secure-clusters/managed-ear/#prerequisites). ### Create an EAR-enabled cluster -Use the following commands to create a new cluster with Encryption at Rest (EAR) enabled using a customer-managed key (CMK) in AWS, GCP, or Azure. +Use the following commands to create a new cluster with EAR in AWS, GCP, or Azure. AWS: @@ -237,9 +239,8 @@ Azure: ybm cluster create --encryption-spec cloud-provider=AZURE,azu-client-id=,azu-client-secret=,azu-tenant-id=,azu-key-name=test-key,azu-key-vault-uri= ``` -### Describe an EAR-enabled cluster -Use the following commands to display the CMK configuration details for a specific cluster. +The EAR details are displayed with the cluster details. AWS: From 4a867e96ca3565d53985adf1a1db80a3f344ff5f Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Tue, 18 Feb 2025 10:36:36 +0530 Subject: [PATCH 03/18] Apply suggestions from code review Co-authored-by: Dwight Hodge <79169168+ddhodge@users.noreply.github.com> --- .../managed-cli-examples/managed-cli-example-create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index fb94dbe05f8..02608019468 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -217,7 +217,7 @@ my-multi-region Dedicated 2.14.7.0-b51 ACTIVE 💚 us-central1,+ YugabyteDB Aeon supports [encryption at rest](../../../../cloud-secure-clusters/managed-ear) (EAR). Before you can create a cluster with EAR, you need to create a customer managed key (CMK) in a cloud provider Key Management Service (KMS). See [Prerequisites](../../../../cloud-secure-clusters/managed-ear/#prerequisites). -### Create an EAR-enabled cluster +### Create a cluster with EAR Use the following commands to create a new cluster with EAR in AWS, GCP, or Azure. From bfd1c90e5c2a3c3f6810ca4f2a9bed982821a00a Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Tue, 18 Feb 2025 15:09:54 +0530 Subject: [PATCH 04/18] use tabs for commands and outputs --- .../managed-cli-example-create.md | 73 ++++++++++++++----- 1 file changed, 53 insertions(+), 20 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index 02608019468..d9e1472f208 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -221,37 +221,48 @@ YugabyteDB Aeon supports [encryption at rest](../../../../cloud-secure-clusters/ Use the following commands to create a new cluster with EAR in AWS, GCP, or Azure. -AWS: +{{< tabpane text=true >}} + +{{% tab header="AWS" %}} ```sh ybm cluster create --encryption-spec cloud-provider=AWS,aws-secret-key=,aws-access-key= ``` -GCP: +{{% /tab %}} + +{{% tab header="GCP" %}} ```sh ybm cluster create --encryption-spec cloud-provider=GCP,gcp-resource-id=projects//locations//keyRings//cryptoKeys/,gcp-service-account-path=creds.json ``` -Azure: +{{% /tab %}} + +{{% tab header="Azure" %}} ```sh ybm cluster create --encryption-spec cloud-provider=AZURE,azu-client-id=,azu-client-secret=,azu-tenant-id=,azu-key-name=test-key,azu-key-vault-uri= ``` +{{% /tab %}} + +{{< /tabpane >}} The EAR details are displayed with the cluster details. -AWS: +{{< tabpane text=true >}} + +{{% tab header="AWS" %}} ```sh -ybm cluster describe --cluster-name test-cluster-azure +ybm cluster describe --cluster-name my-sandbox ``` ```output General Name ID Version State Health -test-cluster-azure b1676d3f-8898-4c04-a1d6-bedf5b7867ff 2.18.3.0-b75 ACTIVE 💚 +my-sandbox b1676d3f-8898-4c04-a1d6-bedf5b7867ff 2.18.3.0-b75 ACTIVE 💚 Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 @@ -264,16 +275,18 @@ AWS 0a80e409-e345-42fc-b456-bafXXXXXXb2c 2023-11-03T07:37:26.351Z arn ... ``` -Azure: +{{% /tab %}} + +{{% tab header="GCP" %}} ```sh -ybm cluster describe --cluster-name test-cluster-azure +ybm cluster describe --cluster-name my-sandbox ``` ```output General Name ID Version State Health -test-cluster-azure b1676d3f-8898-4c04-a1d6-bedf5b7867ff 2.18.3.0-b75 ACTIVE 💚 +my-sandbox b1676d3f-8898-4c04-a1d6-XXXXXXXXXXXX 2.18.3.0-b75 ACTIVE 💚 Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 @@ -281,21 +294,28 @@ AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 ... Encryption at Rest -Provider Key Alias Last Rotated Security Principals CMK Status -AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z https://test-azure-gj.vault.azure.net/ ACTIVE +Provider Key Alias Last Rotated Security Principals CMK Status +GCP GCP-test-key 2023-11-03T07:37:26.351Z projects//locations/global/keyRings/GCP-test-key-ring/cryptoKeys/GCP-test-key ACTIVE + ... ``` -GCP: +{{% /tab %}} + +{{% tab header="Azure" %}} + +```sh + +Azure: ```sh -ybm cluster describe --cluster-name test-cluster-azure +ybm cluster describe --cluster-name my-sandbox ``` ```output General Name ID Version State Health -test-cluster-azure b1676d3f-8898-4c04-a1d6-XXXXXXXXXXXX 2.18.3.0-b75 ACTIVE 💚 +my-sandbox b1676d3f-8898-4c04-a1d6-bedf5b7867ff 2.18.3.0-b75 ACTIVE 💚 Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 @@ -303,36 +323,49 @@ AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 ... Encryption at Rest -Provider Key Alias Last Rotated Security Principals CMK Status -GCP GCP-test-key 2023-11-03T07:37:26.351Z projects//locations/global/keyRings/GCP-test-key-ring/cryptoKeys/GCP-test-key ACTIVE - +Provider Key Alias Last Rotated Security Principals CMK Status +AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z https://test-azure-gj.vault.azure.net/ ACTIVE ... ``` +{{% /tab %}} + +{{< /tabpane >}} + ### Update CMK configuration Use the following commands to update the CMK configuration. If no existing configuration is found, the command creates a new one; otherwise, it updates the current configuration. Note: Only credentials can be modified in the current configuration (for example, AWS access/secret keys or GCP service account credentials). -AWS: +{{< tabpane text=true >}} + +{{% tab header="AWS" %}} ```sh ybm cluster encryption update --encryption-spec cloud-provider=AWS,aws-secret-key=,aws-access-key= ``` -GCP: +{{% /tab %}} + +{{% tab header="GCP" %}} ```sh ybm cluster encryption update --encryption-spec resource-id=projects/yugabyte/locations/global/keyRings/test-byok/cryptoKeys/key1,k= ``` -Azure: +{{% /tab %}} + +{{% tab header="Azure" %}} ```sh ybm cluster encryption update --encryption-spec cloud-provider=AZURE,azu-client-id=,azu-client-secret=,azu-tenant-id=,azu-key-name=test-key,azu-key-vault-uri= ``` +{{% /tab %}} + +{{< /tabpane >}} + ### Update CMK state Use the following commands to enable or disable the CMK state. From a9bb99884ea5e6d46954b1a7c56bac1a234e89c2 Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Tue, 18 Feb 2025 19:15:28 +0530 Subject: [PATCH 05/18] update pr with new commands outputs and use tabs --- .../managed-cli-example-create.md | 145 +++++++++++++++--- 1 file changed, 121 insertions(+), 24 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index d9e1472f208..6ac35868ee4 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -226,7 +226,21 @@ Use the following commands to create a new cluster with EAR in AWS, GCP, or Azur {{% tab header="AWS" %}} ```sh -ybm cluster create --encryption-spec cloud-provider=AWS,aws-secret-key=,aws-access-key= +ybm cluster create \ + --cluster-name my-sandbox \ + --cloud-provider AWS \ + --cluster-tier Dedicated \ + --cluster-type SYNCHRONOUS \ + ---encryption-spec cloud-provider=AWS,aws-secret-key=,aws-access-key=aws-arn= \ + --credentials username=admin,password=password \ + --fault-tolerance=ZONE \ + --region-info region=us-east-2,num-nodes=3,num-cores=4 +``` + +```output +The cluster my-sandbox has been created +Name Tier Version State Health Provider Regions Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) +my-sandbox Dedicated {{< yb-version version="preview" format="build">}} ACTIVE 💚 AWS us-east-2 3 4 / 16GB / 200GB / 3000 ``` {{% /tab %}} @@ -234,7 +248,21 @@ ybm cluster create --encryption-spec cloud-provider=AWS,aws-secret-key=/locations//keyRings//cryptoKeys/,gcp-service-account-path=creds.json +ybm cluster create + --cluster-name my-sandbox \ + --cloud-provider GCP \ + --cluster-tier Dedicated \ + --cluster-type SYNCHRONOUS \ + --encryption-spec cloud-provider=GCP,gcp-resource-id=projects//locations//keyRings//cryptoKeys/,gcp-service-account-path=creds.json \ + --credentials username=admin,password=password \ + --fault-tolerance=ZONE \ + --region-info region=us-central1,num-nodes=3,num-cores=4 +``` + +```output +The cluster my-sandbox has been created +Name Tier Version State Health Provider Regions Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) +my-sandbox Dedicated {{< yb-version version="preview" format="build">}} ACTIVE 💚 GCP us-central1 3 4 / 16GB / 200GB / 3000 ``` {{% /tab %}} @@ -242,7 +270,20 @@ ybm cluster create --encryption-spec cloud-provider=GCP,gcp-resource-id=projects {{% tab header="Azure" %}} ```sh -ybm cluster create --encryption-spec cloud-provider=AZURE,azu-client-id=,azu-client-secret=,azu-tenant-id=,azu-key-name=test-key,azu-key-vault-uri= +ybm cluster create \ + --cluster-name my-sandbox \ + --cloud-provider AZURE \ + --cluster-tier Dedicated \ + --cluster-type SYNCHRONOUS \ + --encryption-spec cloud-provider=AZURE,azu-client-id=,azu-client-secret=,azu-tenant-id=,azu-key-name=test-key,azu-key-vault-uri= \ + --credentials username=admin,password=password \ + --fault-tolerance=ZONE --region-info region=eastus,num-nodes=3,num-cores=4 \ +``` + +```output +The cluster my-sandbox has been created +Name Tier Version State Health Provider Regions Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) +my-sandbox Dedicated {{< yb-version version="preview" format="build">}} ACTIVE 💚 AZURE eastus 3 4 / 16GB / 200GB / 3000 ``` {{% /tab %}} @@ -262,17 +303,32 @@ ybm cluster describe --cluster-name my-sandbox ```output General Name ID Version State Health -my-sandbox b1676d3f-8898-4c04-a1d6-bedf5b7867ff 2.18.3.0-b75 ACTIVE 💚 +my-sandbox b1676d3f-8898-4c04-a1d6-bedf5bXXXXXX 2.18.3.0-b75 ACTIVE 💚 Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 -... + +Regions +Region Nodes vCPU/Node Mem/Node Disk/Node VPC +us-east-2 3 4 16GB 200GB + + +Endpoints +Region Accessibility State Host +us-east-2 PUBLIC ACTIVE us-east-2 .XXXXXXXX-8898-4c04-a1d6-bedf5bXXXXXX.aws.devcloud.yugabyte.com + Encryption at Rest Provider Key Alias Last Rotated Security Principals CMK Status -AWS 0a80e409-e345-42fc-b456-bafXXXXXXb2c 2023-11-03T07:37:26.351Z arn:aws:kms:us-east-1:745843456716:key/41c64d5g-c97d-472c-889e-0dXXXXXXXXXX ACTIVE -... +AWS 0a80e409-e690-42fc-b209-XXXXXXXXXXX 2023-11-03T07:37:26.351Z arn:aws:kms:us-east-1::key/ ACTIVE + + +Nodes +Name Region[zone] Health Master Tserver ReadReplica Used Memory(MB) +my-sandbox-n1 us-east-2 [us-east-2 a] 💚 ✅ ✅ ❌ 75MB +my-sandbox-n2 us-east-2 [us-east-2 b] 💚 ✅ ✅ ❌ 96MB +my-sandbox-n3 us-east-2 [us-east-2 c] 💚 ✅ ✅ ❌ 76MB ``` {{% /tab %}} @@ -286,28 +342,38 @@ ybm cluster describe --cluster-name my-sandbox ```output General Name ID Version State Health -my-sandbox b1676d3f-8898-4c04-a1d6-XXXXXXXXXXXX 2.18.3.0-b75 ACTIVE 💚 +my-sandbox b1676d3f-8898-4c04-a1d6-bedf5bXXXXXX 2.18.3.0-b75 ACTIVE 💚 Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) -AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 +GCP Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 + + +Regions +Region Nodes vCPU/Node Mem/Node Disk/Node VPC +us-central1 3 4 16GB 200GB + + +Endpoints +Region Accessibility State Host +us-central1 PUBLIC ACTIVE us-central1 .b1676d3f-8898-4c04-a1d6-bedf5bXXXXXX.gcp.devcloud.yugabyte.com -... Encryption at Rest Provider Key Alias Last Rotated Security Principals CMK Status GCP GCP-test-key 2023-11-03T07:37:26.351Z projects//locations/global/keyRings/GCP-test-key-ring/cryptoKeys/GCP-test-key ACTIVE -... + +Nodes +Name Region[zone] Health Master Tserver ReadReplica Used Memory(MB) +my-sandbox-n1 us-central1 [us-central1 a] 💚 ✅ ✅ ❌ 75MB +my-sandbox-n2 us-central1 [us-central1 b] 💚 ✅ ✅ ❌ 96MB +my-sandbox-n3 us-central1 [us-central1 c] 💚 ✅ ✅ ❌ 76MB ``` {{% /tab %}} {{% tab header="Azure" %}} -```sh - -Azure: - ```sh ybm cluster describe --cluster-name my-sandbox ``` @@ -318,20 +384,41 @@ Name ID Version State my-sandbox b1676d3f-8898-4c04-a1d6-bedf5b7867ff 2.18.3.0-b75 ACTIVE 💚 Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) -AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 +AZURE Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 + + +Regions +Region Nodes vCPU/Node Mem/Node Disk/Node VPC +eastus 3 4 16GB 200GB + + +Endpoints +Region Accessibility State Host +eastus PUBLIC ACTIVE eastus.b1676d3f-8898-4c04-a1d6-bedf5b7867ff.azure.devcloud.yugabyte.com -... Encryption at Rest Provider Key Alias Last Rotated Security Principals CMK Status -AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z https://test-azure-gj.vault.azure.net/ ACTIVE -... +AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z ACTIVE + + +Nodes +Name Region[zone] Health Master Tserver ReadReplica Used Memory(MB) +my-sandbox-n1 eastus[eastusa] 💚 ✅ ✅ ❌ 75MB +my-sandbox-n2 eastus[eastusb] 💚 ✅ ✅ ❌ 96MB +my-sandbox-n3 eastus[eastusc] 💚 ✅ ✅ ❌ 76MB ``` {{% /tab %}} {{< /tabpane >}} +There is also an alternate way to list the EAR configuration directly, using the encryption list command. + +```sh +ybm cluster encryption describe --cluster-name my-sandbox +``` + ### Update CMK configuration Use the following commands to update the CMK configuration. If no existing configuration is found, the command creates a new one; otherwise, it updates the current configuration. @@ -343,7 +430,9 @@ Note: Only credentials can be modified in the current configuration (for example {{% tab header="AWS" %}} ```sh -ybm cluster encryption update --encryption-spec cloud-provider=AWS,aws-secret-key=,aws-access-key= +ybm cluster encryption update \ + --cluster-name my-sandbox \ + --encryption-spec cloud-provider=AWS,aws-secret-key=,aws-access-key= ``` {{% /tab %}} @@ -351,7 +440,9 @@ ybm cluster encryption update --encryption-spec cloud-provider=AWS,aws-secret-ke {{% tab header="GCP" %}} ```sh -ybm cluster encryption update --encryption-spec resource-id=projects/yugabyte/locations/global/keyRings/test-byok/cryptoKeys/key1,k= +ybm cluster encryption update \ + --cluster-name my-sandbox \ + --encryption-spec cloud-provider=GCP,resource-id=projects/yugabyte/locations/global/keyRings/test-byok/cryptoKeys/key1,k= ``` {{% /tab %}} @@ -359,7 +450,9 @@ ybm cluster encryption update --encryption-spec resource-id=projects/yugabyte/lo {{% tab header="Azure" %}} ```sh -ybm cluster encryption update --encryption-spec cloud-provider=AZURE,azu-client-id=,azu-client-secret=,azu-tenant-id=,azu-key-name=test-key,azu-key-vault-uri= +ybm cluster encryption update \ + --cluster-name my-sandbox \ + --encryption-spec cloud-provider=AZURE,azu-client-id=,azu-client-secret=,azu-tenant-id=,azu-key-name=test-key,azu-key-vault-uri= ``` {{% /tab %}} @@ -373,13 +466,17 @@ Use the following commands to enable or disable the CMK state. #### enable CMK ```sh -ybm cluster encryption update-state --cluster-name test-cluster-arishta --enable +ybm cluster encryption update-state \ + --cluster-name my-sandbox + --enable ``` #### disable CMK ```sh -ybm cluster encryption update-state --cluster-name test-cluster-arishta --disable +ybm cluster encryption update-state \ + --cluster-name my-sandbox + --disable ``` ## Pause, resume, and terminate From e67b38d1d26e29a89d30706154a0d9499754c299 Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Tue, 18 Feb 2025 19:18:32 +0530 Subject: [PATCH 06/18] [Docs] Add output examples for CMK configuration commands in managed-cli documentation --- .../managed-cli-example-create.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index 6ac35868ee4..58d7308fdfa 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -419,6 +419,12 @@ There is also an alternate way to list the EAR configuration directly, using the ybm cluster encryption describe --cluster-name my-sandbox ``` +```output +A newer version is available. Please upgrade to the latest version v0.1.22 +Provider Key Alias Last Rotated Security Principals CMK Status +AWS XXXXXXXX-e690-42fc-b209-baf969930b2c - arn:aws:kms:us-east-1:712345678912:key/db272c8d-1592-4c73-bfa3-420d05822933 ACTIVE +``` + ### Update CMK configuration Use the following commands to update the CMK configuration. If no existing configuration is found, the command creates a new one; otherwise, it updates the current configuration. @@ -471,6 +477,10 @@ ybm cluster encryption update-state \ --enable ``` +```output +Successfully ENABLED encryption spec status for cluster my-sandbox +``` + #### disable CMK ```sh @@ -479,6 +489,10 @@ ybm cluster encryption update-state \ --disable ``` +```output +Successfully DISABLED encryption spec status for cluster my-sandbox +``` + ## Pause, resume, and terminate To list your clusters, enter the following command: From 680b9b7b3831c5edec04f975625b0b9af49b86fc Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Wed, 19 Feb 2025 22:27:29 +0530 Subject: [PATCH 07/18] Apply suggestions from code review Co-authored-by: Dwight Hodge <79169168+ddhodge@users.noreply.github.com> --- .../managed-cli-examples/managed-cli-example-create.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index 58d7308fdfa..1cc130a770e 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -231,7 +231,7 @@ ybm cluster create \ --cloud-provider AWS \ --cluster-tier Dedicated \ --cluster-type SYNCHRONOUS \ - ---encryption-spec cloud-provider=AWS,aws-secret-key=,aws-access-key=aws-arn= \ + --encryption-spec cloud-provider=AWS,aws-secret-key=,aws-access-key=,aws-arn= \ --credentials username=admin,password=password \ --fault-tolerance=ZONE \ --region-info region=us-east-2,num-nodes=3,num-cores=4 @@ -473,7 +473,7 @@ Use the following commands to enable or disable the CMK state. ```sh ybm cluster encryption update-state \ - --cluster-name my-sandbox + --cluster-name my-sandbox \ --enable ``` @@ -485,7 +485,7 @@ Successfully ENABLED encryption spec status for cluster my-sandbox ```sh ybm cluster encryption update-state \ - --cluster-name my-sandbox + --cluster-name my-sandbox \ --disable ``` From 668ae3d567d64d568d3efbe6eb4fa7c6373d1d62 Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Thu, 20 Feb 2025 13:09:43 +0530 Subject: [PATCH 08/18] Apply suggestions from code review Co-authored-by: Dwight Hodge <79169168+ddhodge@users.noreply.github.com> --- .../managed-cli-examples/managed-cli-example-create.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index 1cc130a770e..66a2ed96d5c 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -425,9 +425,9 @@ Provider Key Alias Last Rotated Security Princi AWS XXXXXXXX-e690-42fc-b209-baf969930b2c - arn:aws:kms:us-east-1:712345678912:key/db272c8d-1592-4c73-bfa3-420d05822933 ACTIVE ``` -### Update CMK configuration +### Rotate your CMK -Use the following commands to update the CMK configuration. If no existing configuration is found, the command creates a new one; otherwise, it updates the current configuration. +Use the following commands to rotate your CMK. You can also use these commands to encrypt a cluster where the specified cluster does not already have EAR. Note: Only credentials can be modified in the current configuration (for example, AWS access/secret keys or GCP service account credentials). From 53dcb4cb7e9787202adde31349f7514a81e03d45 Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Thu, 20 Feb 2025 13:19:22 +0530 Subject: [PATCH 09/18] [Docs] Update managed-cli examples for cluster encryption commands and adjust output messages --- .../managed-cli-example-create.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index 66a2ed96d5c..b6b30a2538c 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -248,7 +248,7 @@ my-sandbox Dedicated {{< yb-version version="preview" format="build">}} {{% tab header="GCP" %}} ```sh -ybm cluster create +ybm cluster create \ --cluster-name my-sandbox \ --cloud-provider GCP \ --cluster-tier Dedicated \ @@ -448,7 +448,7 @@ ybm cluster encryption update \ ```sh ybm cluster encryption update \ --cluster-name my-sandbox \ - --encryption-spec cloud-provider=GCP,resource-id=projects/yugabyte/locations/global/keyRings/test-byok/cryptoKeys/key1,k= + --encryption-spec cloud-provider=GCP,gcp-resource-id=projects/yugabyte/locations/global/keyRings/test-byok/cryptoKeys/key1,gcp-service-account-path= ``` {{% /tab %}} @@ -469,30 +469,32 @@ ybm cluster encryption update \ Use the following commands to enable or disable the CMK state. -#### enable CMK +#### disable CMK ```sh ybm cluster encryption update-state \ --cluster-name my-sandbox \ - --enable + --disable ``` ```output -Successfully ENABLED encryption spec status for cluster my-sandbox +Successfully DISABLED encryption spec status for cluster my-sandbox ``` -#### disable CMK +#### enable CMK ```sh ybm cluster encryption update-state \ --cluster-name my-sandbox \ - --disable + --enable ``` ```output -Successfully DISABLED encryption spec status for cluster my-sandbox +Successfully ENABLED encryption spec status for cluster my-sandbox ``` + + ## Pause, resume, and terminate To list your clusters, enter the following command: From d3da315369cf8561ef07fac2296102d75c0db7d8 Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Thu, 20 Feb 2025 13:20:44 +0530 Subject: [PATCH 10/18] [Docs] Update encryption command examples with new placeholder values --- .../managed-cli-examples/managed-cli-example-create.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index b6b30a2538c..60dcba46e5c 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -438,7 +438,7 @@ Note: Only credentials can be modified in the current configuration (for example ```sh ybm cluster encryption update \ --cluster-name my-sandbox \ - --encryption-spec cloud-provider=AWS,aws-secret-key=,aws-access-key= + --encryption-spec cloud-provider=AWS,aws-secret-key=,aws-access-key= ``` {{% /tab %}} @@ -458,7 +458,7 @@ ybm cluster encryption update \ ```sh ybm cluster encryption update \ --cluster-name my-sandbox \ - --encryption-spec cloud-provider=AZURE,azu-client-id=,azu-client-secret=,azu-tenant-id=,azu-key-name=test-key,azu-key-vault-uri= + --encryption-spec cloud-provider=AZURE,azu-client-id=,azu-client-secret=,azu-tenant-id=,azu-key-name=test-key,azu-key-vault-uri= ``` {{% /tab %}} From 9e271cddcc29fdf41c481111098b0d57158ba809 Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Thu, 20 Feb 2025 13:29:50 +0530 Subject: [PATCH 11/18] [Docs] Update managed-cli example --- .../managed-cli-example-create.md | 108 ++---------------- 1 file changed, 11 insertions(+), 97 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index 60dcba46e5c..605cb7da9f9 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -290,11 +290,19 @@ my-sandbox Dedicated {{< yb-version version="preview" format="build">}} {{< /tabpane >}} -The EAR details are displayed with the cluster details. +The EAR details using the encryption list command. -{{< tabpane text=true >}} +```sh +ybm cluster encryption describe --cluster-name my-sandbox +``` -{{% tab header="AWS" %}} +```output +A newer version is available. Please upgrade to the latest version v0.1.22 +Provider Key Alias Last Rotated Security Principals CMK Status +AWS XXXXXXXX-e690-42fc-b209-baf969930b2c - arn:aws:kms:us-east-1:712345678912:key/db272c8d-1592-4c73-bfa3-420d05822933 ACTIVE +``` + +Note: The EAR details are also shown when you use cluster describe command. ```sh ybm cluster describe --cluster-name my-sandbox @@ -331,100 +339,6 @@ my-sandbox-n2 us-east-2 [us-east-2 b] 💚 ✅ ✅ ❌ my-sandbox-n3 us-east-2 [us-east-2 c] 💚 ✅ ✅ ❌ 76MB ``` -{{% /tab %}} - -{{% tab header="GCP" %}} - -```sh -ybm cluster describe --cluster-name my-sandbox -``` - -```output -General -Name ID Version State Health -my-sandbox b1676d3f-8898-4c04-a1d6-bedf5bXXXXXX 2.18.3.0-b75 ACTIVE 💚 - -Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) -GCP Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 - - -Regions -Region Nodes vCPU/Node Mem/Node Disk/Node VPC -us-central1 3 4 16GB 200GB - - -Endpoints -Region Accessibility State Host -us-central1 PUBLIC ACTIVE us-central1 .b1676d3f-8898-4c04-a1d6-bedf5bXXXXXX.gcp.devcloud.yugabyte.com - - -Encryption at Rest -Provider Key Alias Last Rotated Security Principals CMK Status -GCP GCP-test-key 2023-11-03T07:37:26.351Z projects//locations/global/keyRings/GCP-test-key-ring/cryptoKeys/GCP-test-key ACTIVE - - -Nodes -Name Region[zone] Health Master Tserver ReadReplica Used Memory(MB) -my-sandbox-n1 us-central1 [us-central1 a] 💚 ✅ ✅ ❌ 75MB -my-sandbox-n2 us-central1 [us-central1 b] 💚 ✅ ✅ ❌ 96MB -my-sandbox-n3 us-central1 [us-central1 c] 💚 ✅ ✅ ❌ 76MB -``` - -{{% /tab %}} - -{{% tab header="Azure" %}} - -```sh -ybm cluster describe --cluster-name my-sandbox -``` - -```output -General -Name ID Version State Health -my-sandbox b1676d3f-8898-4c04-a1d6-bedf5b7867ff 2.18.3.0-b75 ACTIVE 💚 - -Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) -AZURE Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 - - -Regions -Region Nodes vCPU/Node Mem/Node Disk/Node VPC -eastus 3 4 16GB 200GB - - -Endpoints -Region Accessibility State Host -eastus PUBLIC ACTIVE eastus.b1676d3f-8898-4c04-a1d6-bedf5b7867ff.azure.devcloud.yugabyte.com - - -Encryption at Rest -Provider Key Alias Last Rotated Security Principals CMK Status -AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z ACTIVE - - -Nodes -Name Region[zone] Health Master Tserver ReadReplica Used Memory(MB) -my-sandbox-n1 eastus[eastusa] 💚 ✅ ✅ ❌ 75MB -my-sandbox-n2 eastus[eastusb] 💚 ✅ ✅ ❌ 96MB -my-sandbox-n3 eastus[eastusc] 💚 ✅ ✅ ❌ 76MB -``` - -{{% /tab %}} - -{{< /tabpane >}} - -There is also an alternate way to list the EAR configuration directly, using the encryption list command. - -```sh -ybm cluster encryption describe --cluster-name my-sandbox -``` - -```output -A newer version is available. Please upgrade to the latest version v0.1.22 -Provider Key Alias Last Rotated Security Principals CMK Status -AWS XXXXXXXX-e690-42fc-b209-baf969930b2c - arn:aws:kms:us-east-1:712345678912:key/db272c8d-1592-4c73-bfa3-420d05822933 ACTIVE -``` - ### Rotate your CMK Use the following commands to rotate your CMK. You can also use these commands to encrypt a cluster where the specified cluster does not already have EAR. From 6341487f398a213d66c17d05abf77a241dcd8917 Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Thu, 20 Feb 2025 13:32:58 +0530 Subject: [PATCH 12/18] [Docs] Update managed-cli cluster examples to use 'my-sandbox' as the cluster name --- .../managed-cli/managed-cli-reference/managed-cli-cluster.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-reference/managed-cli-cluster.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-reference/managed-cli-cluster.md index 927b41718cb..de969460650 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-reference/managed-cli-cluster.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-reference/managed-cli-cluster.md @@ -32,7 +32,7 @@ Create a local single-node cluster: ```sh ybm cluster create \ - --cluster-name test-cluster \ + --cluster-name my-sandbox \ --credentials username=admin,password=password123 ``` @@ -47,7 +47,7 @@ ybm cluster create \ --cluster-tier Dedicated \ --fault-tolerance ZONE \ --database-version Innovation \ - --cluster-name test-cluster \ + --cluster-name my-sandbox \ --wait ``` From 3690e39c3065e98c365c5df153d98fbf93734d4d Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Thu, 20 Feb 2025 22:02:17 +0530 Subject: [PATCH 13/18] [Docs] Update managed-cli encryption examples for AWS, GCP, and Azure cloud providers --- .../managed-cli-example-create.md | 134 +++++++++++++++--- 1 file changed, 116 insertions(+), 18 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index 605cb7da9f9..6eedcd478b9 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -243,6 +243,55 @@ Name Tier Version State Health Provider Regi my-sandbox Dedicated {{< yb-version version="preview" format="build">}} ACTIVE 💚 AWS us-east-2 3 4 / 16GB / 200GB / 3000 ``` +You can list the EAR details using the encryption list command. + + +```sh +ybm cluster encryption list --cluster-name my-sandbox +``` + +```output +Provider Key Alias Last Rotated Security Principals CMK Status +AWS XXXXXXXX-e690-42fc-b209-baf969930b2c - arn:aws:kms:us-east-1:712345678912:key/db272c8d-1592-4c73-bfa3-420d05822933 ACTIVE +``` + +Note the EAR details are also shown when you use `cluster describe` command. + +```sh +ybm cluster describe --cluster-name my-sandbox +``` + +```output +General +Name ID Version State Health +my-sandbox b1676d3f-8898-4c04-a1d6-bedf5bXXXXXX 2.18.3.0-b75 ACTIVE 💚 + +Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) +AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 + + +Regions +Region Nodes vCPU/Node Mem/Node Disk/Node VPC +us-east-2 3 4 16GB 200GB + + +Endpoints +Region Accessibility State Host +us-east-2 PUBLIC ACTIVE us-east-2 .XXXXXXXX-8898-4c04-a1d6-bedf5bXXXXXX.aws.devcloud.yugabyte.com + + +Encryption at Rest +Provider Key Alias Last Rotated Security Principals CMK Status +AWS 0a80e409-e690-42fc-b209-XXXXXXXXXXX 2023-11-03T07:37:26.351Z arn:aws:kms:us-east-1::key/ ACTIVE + + +Nodes +Name Region[zone] Health Master Tserver ReadReplica Used Memory(MB) +my-sandbox-n1 us-east-2 [us-east-2 a] 💚 ✅ ✅ ❌ 75MB +my-sandbox-n2 us-east-2 [us-east-2 b] 💚 ✅ ✅ ❌ 96MB +my-sandbox-n3 us-east-2 [us-east-2 c] 💚 ✅ ✅ ❌ 76MB +``` + {{% /tab %}} {{% tab header="GCP" %}} @@ -265,6 +314,55 @@ Name Tier Version State Health Provider Regi my-sandbox Dedicated {{< yb-version version="preview" format="build">}} ACTIVE 💚 GCP us-central1 3 4 / 16GB / 200GB / 3000 ``` +You can list the EAR details using the encryption list command. + + +```sh +ybm cluster encryption list --cluster-name my-sandbox +``` + +```output +Provider Key Alias Last Rotated Security Principals CMK Status +GCP 2023-11-03T07:37:26.351Z projects///global/keyRings//cryptoKeys/ ACTIVE +``` + +Note the EAR details are also shown when you use `cluster describe` command. + +```sh +ybm cluster describe --cluster-name my-sandbox +``` + +```output +General +Name ID Version State Health +my-sandbox b1676d3f-8898-4c04-a1d6-bedf5bXXXXXX 2.18.3.0-b75 ACTIVE 💚 + +Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) +GCP Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 + + +Regions +Region Nodes vCPU/Node Mem/Node Disk/Node VPC +us-central1 3 4 16GB 200GB + + +Endpoints +Region Accessibility State Host +us-central1 PUBLIC ACTIVE us-central1.b1676d3f-8898-4c04-a1d6-bedf5bXXXXXX.gcp.devcloud.yugabyte.com + + +Encryption at Rest +Provider Key Alias Last Rotated Security Principals CMK Status +GCP 2023-11-03T07:37:26.351Z projects///global/keyRings//cryptoKeys/ ACTIVE + + +Nodes +Name Region[zone] Health Master Tserver ReadReplica Used Memory(MB) +my-sandbox-n1 us-central1 [us-central1 a] 💚 ✅ ✅ ❌ 75MB +my-sandbox-n2 us-central1 [us-central1 b] 💚 ✅ ✅ ❌ 96MB +my-sandbox-n3 us-central1 [us-central1 c] 💚 ✅ ✅ ❌ 76MB +``` + {{% /tab %}} {{% tab header="Azure" %}} @@ -286,23 +384,19 @@ Name Tier Version State Health Provider Regi my-sandbox Dedicated {{< yb-version version="preview" format="build">}} ACTIVE 💚 AZURE eastus 3 4 / 16GB / 200GB / 3000 ``` -{{% /tab %}} - -{{< /tabpane >}} +You can list the EAR details using the encryption list command. -The EAR details using the encryption list command. ```sh -ybm cluster encryption describe --cluster-name my-sandbox +ybm cluster encryption list --cluster-name my-sandbox ``` ```output -A newer version is available. Please upgrade to the latest version v0.1.22 -Provider Key Alias Last Rotated Security Principals CMK Status -AWS XXXXXXXX-e690-42fc-b209-baf969930b2c - arn:aws:kms:us-east-1:712345678912:key/db272c8d-1592-4c73-bfa3-420d05822933 ACTIVE +Provider Key Alias Last Rotated Security Principals CMK Status +AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z ACTIVE ``` -Note: The EAR details are also shown when you use cluster describe command. +Note the EAR details are also shown when you use `cluster describe` command. ```sh ybm cluster describe --cluster-name my-sandbox @@ -311,34 +405,38 @@ ybm cluster describe --cluster-name my-sandbox ```output General Name ID Version State Health -my-sandbox b1676d3f-8898-4c04-a1d6-bedf5bXXXXXX 2.18.3.0-b75 ACTIVE 💚 +my-sandbox b1676d3f-8898-4c04-a1d6-bedf5b7867ff 2.18.3.0-b75 ACTIVE 💚 Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) -AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 +AZURE Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 Regions Region Nodes vCPU/Node Mem/Node Disk/Node VPC -us-east-2 3 4 16GB 200GB +eastus 3 4 16GB 200GB Endpoints Region Accessibility State Host -us-east-2 PUBLIC ACTIVE us-east-2 .XXXXXXXX-8898-4c04-a1d6-bedf5bXXXXXX.aws.devcloud.yugabyte.com +eastus PUBLIC ACTIVE eastus.b1676d3f-8898-4c04-a1d6-bedf5b7867ff.azure.devcloud.yugabyte.com Encryption at Rest -Provider Key Alias Last Rotated Security Principals CMK Status -AWS 0a80e409-e690-42fc-b209-XXXXXXXXXXX 2023-11-03T07:37:26.351Z arn:aws:kms:us-east-1::key/ ACTIVE +Provider Key Alias Last Rotated Security Principals CMK Status +AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z ACTIVE Nodes Name Region[zone] Health Master Tserver ReadReplica Used Memory(MB) -my-sandbox-n1 us-east-2 [us-east-2 a] 💚 ✅ ✅ ❌ 75MB -my-sandbox-n2 us-east-2 [us-east-2 b] 💚 ✅ ✅ ❌ 96MB -my-sandbox-n3 us-east-2 [us-east-2 c] 💚 ✅ ✅ ❌ 76MB +my-sandbox-n1 eastus[eastusa] 💚 ✅ ✅ ❌ 75MB +my-sandbox-n2 eastus[eastusb] 💚 ✅ ✅ ❌ 96MB +my-sandbox-n3 eastus[eastusc] 💚 ✅ ✅ ❌ 76MB ``` +{{% /tab %}} + +{{< /tabpane >}} + ### Rotate your CMK Use the following commands to rotate your CMK. You can also use these commands to encrypt a cluster where the specified cluster does not already have EAR. From 0e5548fc6e1910f96fb149f64fc96ee9e2ade027 Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Fri, 21 Feb 2025 16:31:52 +0530 Subject: [PATCH 14/18] Apply suggestions from code review Co-authored-by: Dwight Hodge <79169168+ddhodge@users.noreply.github.com> --- .../managed-cli-examples/managed-cli-example-create.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index 6eedcd478b9..10e2345bb37 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -255,7 +255,7 @@ Provider Key Alias Last Rotated Security Princi AWS XXXXXXXX-e690-42fc-b209-baf969930b2c - arn:aws:kms:us-east-1:712345678912:key/db272c8d-1592-4c73-bfa3-420d05822933 ACTIVE ``` -Note the EAR details are also shown when you use `cluster describe` command. +EAR details are also shown when you use `cluster describe` command. ```sh ybm cluster describe --cluster-name my-sandbox @@ -477,11 +477,10 @@ ybm cluster encryption update \ {{< /tabpane >}} -### Update CMK state +### Enable and disable EAR -Use the following commands to enable or disable the CMK state. +To disable EAR on a cluster, use the following command: -#### disable CMK ```sh ybm cluster encryption update-state \ @@ -492,8 +491,9 @@ ybm cluster encryption update-state \ ```output Successfully DISABLED encryption spec status for cluster my-sandbox ``` +After you disable EAR, YugabyteDB Aeon uses lazy decryption to decrypt the cluster. -#### enable CMK +To re-enable EAR on a cluster, use the following command: ```sh ybm cluster encryption update-state \ From c75423685d6fbaa53212f8d6902bfdd17939e340 Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Fri, 21 Feb 2025 16:49:31 +0530 Subject: [PATCH 15/18] update managed CLI encryption example --- .../managed-cli-example-create.md | 131 +++--------------- 1 file changed, 16 insertions(+), 115 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index 10e2345bb37..d8d082dae0b 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -245,7 +245,6 @@ my-sandbox Dedicated {{< yb-version version="preview" format="build">}} You can list the EAR details using the encryption list command. - ```sh ybm cluster encryption list --cluster-name my-sandbox ``` @@ -257,41 +256,6 @@ AWS XXXXXXXX-e690-42fc-b209-baf969930b2c - arn:aws:kms:us- EAR details are also shown when you use `cluster describe` command. -```sh -ybm cluster describe --cluster-name my-sandbox -``` - -```output -General -Name ID Version State Health -my-sandbox b1676d3f-8898-4c04-a1d6-bedf5bXXXXXX 2.18.3.0-b75 ACTIVE 💚 - -Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) -AWS Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 - - -Regions -Region Nodes vCPU/Node Mem/Node Disk/Node VPC -us-east-2 3 4 16GB 200GB - - -Endpoints -Region Accessibility State Host -us-east-2 PUBLIC ACTIVE us-east-2 .XXXXXXXX-8898-4c04-a1d6-bedf5bXXXXXX.aws.devcloud.yugabyte.com - - -Encryption at Rest -Provider Key Alias Last Rotated Security Principals CMK Status -AWS 0a80e409-e690-42fc-b209-XXXXXXXXXXX 2023-11-03T07:37:26.351Z arn:aws:kms:us-east-1::key/ ACTIVE - - -Nodes -Name Region[zone] Health Master Tserver ReadReplica Used Memory(MB) -my-sandbox-n1 us-east-2 [us-east-2 a] 💚 ✅ ✅ ❌ 75MB -my-sandbox-n2 us-east-2 [us-east-2 b] 💚 ✅ ✅ ❌ 96MB -my-sandbox-n3 us-east-2 [us-east-2 c] 💚 ✅ ✅ ❌ 76MB -``` - {{% /tab %}} {{% tab header="GCP" %}} @@ -316,7 +280,6 @@ my-sandbox Dedicated {{< yb-version version="preview" format="build">}} You can list the EAR details using the encryption list command. - ```sh ybm cluster encryption list --cluster-name my-sandbox ``` @@ -326,42 +289,7 @@ Provider Key Alias Last Rotated Security Principals GCP 2023-11-03T07:37:26.351Z projects///global/keyRings//cryptoKeys/ ACTIVE ``` -Note the EAR details are also shown when you use `cluster describe` command. - -```sh -ybm cluster describe --cluster-name my-sandbox -``` - -```output -General -Name ID Version State Health -my-sandbox b1676d3f-8898-4c04-a1d6-bedf5bXXXXXX 2.18.3.0-b75 ACTIVE 💚 - -Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) -GCP Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 - - -Regions -Region Nodes vCPU/Node Mem/Node Disk/Node VPC -us-central1 3 4 16GB 200GB - - -Endpoints -Region Accessibility State Host -us-central1 PUBLIC ACTIVE us-central1.b1676d3f-8898-4c04-a1d6-bedf5bXXXXXX.gcp.devcloud.yugabyte.com - - -Encryption at Rest -Provider Key Alias Last Rotated Security Principals CMK Status -GCP 2023-11-03T07:37:26.351Z projects///global/keyRings//cryptoKeys/ ACTIVE - - -Nodes -Name Region[zone] Health Master Tserver ReadReplica Used Memory(MB) -my-sandbox-n1 us-central1 [us-central1 a] 💚 ✅ ✅ ❌ 75MB -my-sandbox-n2 us-central1 [us-central1 b] 💚 ✅ ✅ ❌ 96MB -my-sandbox-n3 us-central1 [us-central1 c] 💚 ✅ ✅ ❌ 76MB -``` +EAR details are also shown when you use `cluster describe` command. {{% /tab %}} @@ -386,7 +314,6 @@ my-sandbox Dedicated {{< yb-version version="preview" format="build">}} You can list the EAR details using the encryption list command. - ```sh ybm cluster encryption list --cluster-name my-sandbox ``` @@ -396,42 +323,7 @@ Provider Key Alias Last Rotated Sec AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z ACTIVE ``` -Note the EAR details are also shown when you use `cluster describe` command. - -```sh -ybm cluster describe --cluster-name my-sandbox -``` - -```output -General -Name ID Version State Health -my-sandbox b1676d3f-8898-4c04-a1d6-bedf5b7867ff 2.18.3.0-b75 ACTIVE 💚 - -Provider Tier Fault Tolerance Nodes Node Res.(Vcpu/Mem/DiskGB/IOPS) -AZURE Dedicated ZONE, RF 3 3 4 / 16GB / 200GB / 3000 - - -Regions -Region Nodes vCPU/Node Mem/Node Disk/Node VPC -eastus 3 4 16GB 200GB - - -Endpoints -Region Accessibility State Host -eastus PUBLIC ACTIVE eastus.b1676d3f-8898-4c04-a1d6-bedf5b7867ff.azure.devcloud.yugabyte.com - - -Encryption at Rest -Provider Key Alias Last Rotated Security Principals CMK Status -AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z ACTIVE - - -Nodes -Name Region[zone] Health Master Tserver ReadReplica Used Memory(MB) -my-sandbox-n1 eastus[eastusa] 💚 ✅ ✅ ❌ 75MB -my-sandbox-n2 eastus[eastusb] 💚 ✅ ✅ ❌ 96MB -my-sandbox-n3 eastus[eastusc] 💚 ✅ ✅ ❌ 76MB -``` +EAR details are also shown when you use `cluster describe` command. {{% /tab %}} @@ -481,7 +373,6 @@ ybm cluster encryption update \ To disable EAR on a cluster, use the following command: - ```sh ybm cluster encryption update-state \ --cluster-name my-sandbox \ @@ -489,10 +380,22 @@ ybm cluster encryption update-state \ ``` ```output -Successfully DISABLED encryption spec status for cluster my-sandbox +Successfully DISABLED encryption at rest for cluster my-sandbox ``` + After you disable EAR, YugabyteDB Aeon uses lazy decryption to decrypt the cluster. +You can check the status of the EAR using the encryption list command. + +```sh +ybm cluster encryption list --cluster-name my-sandbox +``` + +```output +Provider Key Alias Last Rotated Security Principals CMK Status +AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z NOT_ACTIVE +``` + To re-enable EAR on a cluster, use the following command: ```sh @@ -502,11 +405,9 @@ ybm cluster encryption update-state \ ``` ```output -Successfully ENABLED encryption spec status for cluster my-sandbox +Successfully ENABLED encryption at rest for cluster my-sandbox ``` - - ## Pause, resume, and terminate To list your clusters, enter the following command: From 53cf35bf6e6e7e9aba20caebc459966c54666ff8 Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Fri, 21 Feb 2025 16:56:48 +0530 Subject: [PATCH 16/18] Add encryption update-state command to managed CLI cluster documentation --- .../managed-cli-reference/managed-cli-cluster.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-reference/managed-cli-cluster.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-reference/managed-cli-cluster.md index de969460650..c2b7bdbcafd 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-reference/managed-cli-cluster.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-reference/managed-cli-cluster.md @@ -115,6 +115,16 @@ Update the credentials to use for the customer managed key (CMK) used to encrypt | --cluster-name | Required. Name of the cluster. | | --encryption-spec | CMK credentials for encryption at rest, provided as key-value pairs.
Arguments:
  • cloud-provider - cloud provider (`AWS`, `AZURE`, or `GCP`); required
Required for AWS only:
  • aws-access-key - access key ID
  • aws-secret-key - secret access key
  • aws-arn - Amazon resource name of the CMK
If not provided, you are prompted for the secret access key. AWS secret access key can also be configured using the YBM_AWS_SECRET_KEY [environment variable](../../managed-cli-overview/#environment-variables).

Required for GCP only:
  • gcp-resource-id - cloud KMS resource ID
  • gcp-service-account-path - path to the service account credentials key file
Required for Azure only:
  • azu-client-id - client ID of registered application
  • azu-client-secret - client secret of registered application
  • azu-tenant-id - Azure tenant ID
  • azu-key-name - key name
  • azu-key-vault-uri - key vault URI in the form `https://myvault.vault.azure.net`
| +### encryption update-state + +Update the Encryption at Rest (EaR) state for the specified cluster. + +| Flag | Description | +| :--- | :--- | +| --cluster-name | Name of the cluster. | +| --enable | Enable Encryption at Rest for the cluster. | +| --disable | Disable Encryption at Rest for the cluster. | + ### list List all the clusters to which you have access. From 8e37ab91dad98364f822fa510c079a15bf92dc5c Mon Sep 17 00:00:00 2001 From: Dwight Hodge Date: Fri, 21 Feb 2025 11:24:56 -0500 Subject: [PATCH 17/18] tidyups --- .../managed-cli-example-create.md | 17 +++++++++-------- .../managed-cli-cluster.md | 10 ++++++---- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index d8d082dae0b..ada9a137ad4 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -233,7 +233,7 @@ ybm cluster create \ --cluster-type SYNCHRONOUS \ --encryption-spec cloud-provider=AWS,aws-secret-key=,aws-access-key=,aws-arn= \ --credentials username=admin,password=password \ - --fault-tolerance=ZONE \ + --fault-tolerance ZONE \ --region-info region=us-east-2,num-nodes=3,num-cores=4 ``` @@ -254,7 +254,7 @@ Provider Key Alias Last Rotated Security Princi AWS XXXXXXXX-e690-42fc-b209-baf969930b2c - arn:aws:kms:us-east-1:712345678912:key/db272c8d-1592-4c73-bfa3-420d05822933 ACTIVE ``` -EAR details are also shown when you use `cluster describe` command. +EAR details are also shown when you use the `cluster describe` command. {{% /tab %}} @@ -268,7 +268,7 @@ ybm cluster create \ --cluster-type SYNCHRONOUS \ --encryption-spec cloud-provider=GCP,gcp-resource-id=projects//locations//keyRings//cryptoKeys/,gcp-service-account-path=creds.json \ --credentials username=admin,password=password \ - --fault-tolerance=ZONE \ + --fault-tolerance ZONE \ --region-info region=us-central1,num-nodes=3,num-cores=4 ``` @@ -289,7 +289,7 @@ Provider Key Alias Last Rotated Security Principals GCP 2023-11-03T07:37:26.351Z projects///global/keyRings//cryptoKeys/ ACTIVE ``` -EAR details are also shown when you use `cluster describe` command. +EAR details are also shown when you use the `cluster describe` command. {{% /tab %}} @@ -303,7 +303,8 @@ ybm cluster create \ --cluster-type SYNCHRONOUS \ --encryption-spec cloud-provider=AZURE,azu-client-id=,azu-client-secret=,azu-tenant-id=,azu-key-name=test-key,azu-key-vault-uri= \ --credentials username=admin,password=password \ - --fault-tolerance=ZONE --region-info region=eastus,num-nodes=3,num-cores=4 \ + --fault-tolerance ZONE \ + --region-info region=eastus,num-nodes=3,num-cores=4 \ ``` ```output @@ -323,7 +324,7 @@ Provider Key Alias Last Rotated Sec AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z ACTIVE ``` -EAR details are also shown when you use `cluster describe` command. +EAR details are also shown when you use the `cluster describe` command. {{% /tab %}} @@ -331,9 +332,9 @@ EAR details are also shown when you use `cluster describe` command. ### Rotate your CMK -Use the following commands to rotate your CMK. You can also use these commands to encrypt a cluster where the specified cluster does not already have EAR. +Use the `encryption update` command to rotate your CMK. You can also use this command to encrypt a cluster that does not already have EAR. -Note: Only credentials can be modified in the current configuration (for example, AWS access/secret keys or GCP service account credentials). +When encrypting an existing cluster, YugabyteDB Aeon uses lazy encryption. {{< tabpane text=true >}} diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-reference/managed-cli-cluster.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-reference/managed-cli-cluster.md index c2b7bdbcafd..cdcf516a92a 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-reference/managed-cli-cluster.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-reference/managed-cli-cluster.md @@ -20,6 +20,8 @@ Use the `cluster` resource to perform operations on a YugabyteDB Aeon cluster, i - download the cluster certificate - encrypt clusters and manage encryption +For a tutorial using the `cluster` command, including creating and updating clusters, connecting, and using encryption at rest, refer to [Create clusters](../../managed-cli-examples/managed-cli-example-create/). + ## Syntax ```text @@ -108,7 +110,7 @@ List the encryption at rest configuration for the specified cluster. ### encryption update -Update the credentials to use for the customer managed key (CMK) used to encrypt the specified cluster. +Update the credentials and rotate the customer managed key (CMK) used to encrypt the specified cluster. |
Flag
| Description | | :--- | :--- | @@ -117,13 +119,13 @@ Update the credentials to use for the customer managed key (CMK) used to encrypt ### encryption update-state -Update the Encryption at Rest (EaR) state for the specified cluster. +Update the encryption at rest state for the specified cluster. | Flag | Description | | :--- | :--- | | --cluster-name | Name of the cluster. | -| --enable | Enable Encryption at Rest for the cluster. | -| --disable | Disable Encryption at Rest for the cluster. | +| --enable | Enable encryption at rest for the cluster. | +| --disable | Disable encryption at rest for the cluster. | ### list From d32b6a30c820558059a89bdaddb275abbcbe80e1 Mon Sep 17 00:00:00 2001 From: Sudhanshu Prajapati Date: Tue, 25 Feb 2025 12:52:30 +0530 Subject: [PATCH 18/18] Apply suggestions from code review --- .../managed-cli-examples/managed-cli-example-create.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md index ada9a137ad4..f757227df24 100644 --- a/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md +++ b/docs/content/preview/yugabyte-cloud/managed-automation/managed-cli/managed-cli-examples/managed-cli-example-create.md @@ -394,8 +394,7 @@ ybm cluster encryption list --cluster-name my-sandbox ```output Provider Key Alias Last Rotated Security Principals CMK Status -AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z NOT_ACTIVE -``` +AZURE 8aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5b 2023-11-03T07:37:26.351Z DISABLED To re-enable EAR on a cluster, use the following command: