teleport icon indicating copy to clipboard operation
teleport copied to clipboard

Published 20 hours ago verified publisher icon gravitational

tctl get all - stale documentation

Open smallinsky opened this issue 1 year ago • 2 comments

Applies To

https://goteleport.com/docs/management/operations/backup-restore/#example-of-backing-up-and-restoring-a-cluster

Details

Our docs says that tctl get all --with-secrets can be triggered by teleport user : tsh login --proxy=teleport.example.com --user=myuser

Log in to your cluster with tsh so you can use tctl from your local machine. You can also run tctl on your Auth Service host without running "tsh login" first.

tsh login --proxy=teleport.example.com --user=myuser Export dynamic configuration state from old cluster

tctl get all --with-secrets > state.yaml

Where actually tctl get all can be only executed on Teleport Auth instance that has BuildIn Admin user: issues/8539

Additionally tctl get all and tctl get all --with-secrets overwrites withSecret flag to true:
So all following commands are equal: tctl get all == tctl get all --no-with-secrets == tctl get all --with-secrets https://github.com/gravitational/teleport/blob/c0c04c50e45b214cadfecc75b2f951b2fba822af/tool/tctl/common/resource_command.go#L257

tctl get all --no-with-secrets
ERROR: this request can be only executed by an admin

smallinsky avatar Sep 14 '23 09:09 smallinsky