DOKK / manpages / debian 12 / clevis-luks / clevis-luks-edit.1.en
CLEVIS-LUKS-EDIT(1)   CLEVIS-LUKS-EDIT(1)

clevis-luks-edit - Edit a binding from a clevis-bound slot in a LUKS device

clevis luks edit [-f] -d DEV -s SLT [-c CONFIG]

The clevis luks edit command edits clevis bindings from a LUKS device. For example:

clevis luks edit -d /dev/sda1 -s 1

-d DEV : The LUKS device to edit clevis-bound pins

-s SLT : The slot to use when editing the clevis binding

-f : Proceed with the edit operation even if the config is unchanged

-c CONFIG : The updated config to use

clevis luks list -d /dev/sda1
1: tang '{"url":"addr"}'

As we can see in the example above, /dev/sda1 has one slots bound, in this case, to a tang pin.

We can edit this binding by issuing the following command:

clevis luks edit -d /dev/sda1 -s 1

This will open a text editor — the one set in the $EDITOR environment variable, or vi, as a fallback — with the current configuration of this binding to be edited. In this case, we should have the following:

{

"url": "addr" }

Once at the editor, we can edit the pin configuration. For tang, we could edit the url, for instance. After completing the change, save the file and exit. The updated configuration will be validated for JSON, and if there are no errors, you will be shown the updated configuration and prompted whether to proceed.

By proceeding, the binding will be updated. There may be required to provide a valid LUKS passphrase for the device.

In the second example, we will update the same device and slot, but we will be providing the updated configuration as well:

clevis luks edit -d /dev/sda1 -s 1 -c '{"url":"new-addr-here"}'

In this case, the binding update will be done in non-interactive mode. Note that it may also be required to provide a LUKS passphrase for the device.

clevis-luks-list(1) <clevis-luks-list.1.adoc>,