operator

package
v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 29, 2025 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package operator provides CLI commands for SPIKE Nexus administrative operations.

This package implements privileged commands that require special SPIFFE roles for disaster recovery scenarios. These commands are used by operators to manage the root key recovery process.

Available commands:

  • recover: Retrieves recovery shards from a healthy SPIKE Nexus instance. Requires the "recover" role. Shards are saved to the recovery directory as hex-encoded files.

  • restore: Submits recovery shards to a failed SPIKE Nexus instance to restore the root key. Requires the "restore" role. Shards are entered interactively with hidden input for security.

Recovery workflow:

  1. While SPIKE Nexus is healthy, run "spike operator recover" to obtain and securely store the recovery shards.
  2. If SPIKE Nexus fails and cannot auto-recover via SPIKE Keeper, run "spike operator restore" multiple times to submit the required number of shards.
  3. Once enough shards are collected, SPIKE Nexus reconstructs the root key and resumes normal operation.

Security considerations:

  • Recovery shards are sensitive cryptographic material and should be encrypted and stored in separate secure locations.
  • Input during restore is hidden to prevent shoulder-surfing.
  • Shards are cleared from memory immediately after use.
  • Role-based access control ensures only authorized operators can perform these operations.

See https://spike.ist/operations/recovery/ for detailed recovery procedures.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCommand added in v0.8.0 

func NewCommand(
	source *workloadapi.X509Source, SPIFFEID string,
) *cobra.Command

NewCommand creates a new cobra.Command for managing SPIKE admin operations. It initializes an "operator" command with subcommands for recovery and restore operations.

Parameters:

  • source: An X509Source used for SPIFFE authentication. Can be nil if the Workload API connection is unavailable. Subcommands will check for nil and display user-friendly error messages instead of crashing.
  • SPIFFEID: The SPIFFE ID associated with the operator

Returns:

  • *cobra.Command: A configured cobra command for operator management

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.