Carbonio Mesh’s credentials are kept in the file /etc/zextras/service-discover/cluster-credentials.tar.gpg, which is a tar archive encrypted with GPG. The tar archive contains the following files:
- The bootstrap token is a type of token.
- Carbonio Mesh’s internal CA and its associated private key
- The cryptographic keys
The file containing the Carbonio Mesh credentials must be available and accessible for different administrative actions, including Carbonio CE setup and upgrade, pending-setups, and other minor procedures involving Carbonio CE components.
The above-mentioned file is GPG-encrypted with a secret (nothing more than another password), which is kept in /var/lib/service-discover/password and is only accessible by the root user. When performing the pending-setups command and the Service Discover installation procedure, the secret is required.