hcl Manual Pages
The following topics consist of the manual pages for hcl, hcs3, and htroot.
hcs3 Man Page
HCS3(1) User Manuals HCS3(1)
NAME
hcs3 - Encrypted files on Amazon S3 using HyTrust DataControl
SYNOPSIS
hcs3 [OPTIONS]
DESCRIPTION
The hcs3 command is used to manage encrypted files on Amazon S3 using
HyTrust's DataControl.
OPTIONS
The options are as follows:
status
Display information about stores, buckets and properties.
setstore aws_access_key_id aws_secret_access_key
Cache the AWS access key and secret key in a local configuration
file. The policy agent keeps the credentials in an encrypted
configuration file.
To clear the previously set values, run setstore with empty
strings, for example:
hcs3 setstore "" ""
Alternatively, AWS credentials can be passed to hcs3 commands
through environment variables. The following variables are
required:
AWS_ACCESS_KEY_ID - AWS access key.
AWS_SECRET_ACCESS_KEY - AWS secret key.
Access and secret key variables override credentials stored in
credential and config files.
useraccess <-d | -e no_of_days>
By default, the hcs3 command can only be used by the root user
(Administrator on Windows).
This option enables access for non-root (non-Administrator)
users. Access can be enabled for a specific number of days (-e).
If zero days are specified, access remains enabled until it is
explicitly revoked with the "-d" option.
The root user can disable non-root access with the -d option.
create bucketname
This command creates a bucket in AWS S3. It also creates a
default key for encrypting the files which are uploaded to this
bucket. Note that the actual bucket name in Amazon S3 might
differ.
delete bucketname
This command removes the specified bucket in S3. It also removes
the default encryption key for this bucket. Note that if the
bucket is not empty, it cannot be removed.
set property=value
Only one property is supported at present. "tmp" can be set to
the full path of any directory to which the user has access.
This directory temporarily holds files in transit while they are
being encrypted or decrypted.
To clear a previously set property, run set with an empty
value, for example:
hcs3 set tmp=
list [bucketname]
This command displays all the buckets accessible with the
current AWS credentials. If bucketname is specified, it
displays the list of files in the given bucket.
add [-k keyid] [-s] bucketname filename
Add the file "filename" to an AWS S3 bucket. The file is
encrypted with the default key for this bucket. "filename" can
be a relative or absolute pathname. The filename specified here
is used as the identifier for the file in the AWS bucket.
If -k keyid is specified, that key is used to encrypt the file
instead of the default key.
If -s is specified, the command shows upload statistics as the
file is copied to AWS.
rm bucketname filename
This command removes the specified file from the bucket
identified by "bucketname".
get [-s] bucketname filename [ofilename]
This command retrieves the specified file from the AWS bucket.
The decrypted file is copied to the location specified by
"filename". If "ofilename" is specified, the decrypted file is
copied to that path.
If -s is specified, the command shows download statistics as the
file is copied from AWS.
version
Display the version of the DataControl agent software.
-h | -?
This command displays all the options available through the hcs3
command.
FILES
/opt/hcs
The default location of the HyTrust DataControl configuration
files.
/var/log/hcl.log
The HyTrust DataControl log file. hcs3 logs errors here. If
errors are detected, you will be requested to provide this file
to HyTrust support staff.
$HOME/hcs3.log
The HyTrust DataControl hcs3 log file. When hcs3 is run as a
non-root user, it logs errors here. If errors are detected,
you will be requested to provide this file to HyTrust support
staff. This file is created in the HOME directory of the user.
BUGS
See the HyTrust Release Notes for information about bugs and caveats in
the software.
AUTHOR
HyTrust Inc.
SEE ALSO
hcl(1)
Linux OCTOBER 2016 HCS3(1)
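
The "set tmp=" option above names a directory that holds files while they are encrypted or decrypted. The following pre-flight check is an added example, not part of the man page or of HyTrust's software; the function names check_hcs3_tmp and set_hcs3_tmp are hypothetical, and it assumes that staged files may be readable in that directory, so the directory should be private to the invoking user.

```shell
#!/bin/sh
# Added example, not HyTrust code: vet a directory before `hcs3 set tmp=DIR`.
# Assumption: files staged there may be readable while they are encrypted or
# decrypted, so the directory should be private to the invoking user.

# check_hcs3_tmp DIR: return 0 if DIR is acceptable, 1 (reason on stderr) if not.
check_hcs3_tmp() {
    dir=$1
    case $dir in
        /*/) echo "remove the trailing slash: $dir" >&2; return 1 ;;
        /*)  ;;
        *)   echo "tmp must be a full path: $dir" >&2; return 1 ;;
    esac
    # A symlink could redirect staged files to a location someone else controls.
    if [ -L "$dir" ]; then
        echo "refusing symbolic link: $dir" >&2; return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2; return 1
    fi
    # -O (bash, dash, ksh): owned by the effective user ID of this process.
    if [ ! -O "$dir" ]; then
        echo "not owned by the current user: $dir" >&2; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$dir" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group/other access present ($perms), use chmod 700: $dir" >&2
        return 1
    fi
    return 0
}

# set_hcs3_tmp DIR: run the check, then set the property with the syntax from
# the man page (hcs3 set property=value).
set_hcs3_tmp() {
    check_hcs3_tmp "$1" || return 1
    hcs3 set "tmp=$1"
}

# Usage: set_hcs3_tmp /path/to/private/dir
```

The check is conservative: a directory with setgid or sticky bits set is also rejected, because those bits change the group/other columns of the mode string.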