# dnf install ipa-kra-install

# kinit tscherf

# ipa vault-add company-cc --desc "My company's credit card data" --type symmetric

# ipa vault-archive company-cc --in ~/company-cc.txt

# ipa vault-retrieve company-cc --out ~/company-cc.txt

# kinit admin

# ipa vault-add team-keys --desc "Team keys" --type symmetric --shared --password-file passwd.txt

# ipa vault-add-member team-keys --shared --groups schalke --users tscherf

# ipa vault-archive team-keys --shared --in ~/team-keys.txt --password-file passwd.txt

# kinit tscherf

[root@ipa01 ~]# ipa vault-retrieve team-keys --shared --out my-team-keys.txt --password-file passwd.txt

# openssl genrsa -out mykey.pem 2048
# openssl rsa -in mykey.pem -pubout > mykey.pub
# ipa vault-add private --type asymmetric --public-key-file mykey.pub

# ipa vault-archive private --in ~/data.txt

# ipa vault-retrieve private --private-key-file=mykey.pem --out data.txt