Rotate keys

In environments that use Enhanced Encryption, you can rotate keys on your Groundplex nodes.
  • The environment must have an Enhanced Encryption subscription and be configured to use it.
  • A Linux Groundplex node with the latest Snaplex RPM/DEB installation package.
To rotate the keys for Enhanced Encryption:
  1. As root user on the Groundplex node's host, run the following command: /opt/snaplogic/bin/ addDataKey key_alias
    This command generates a new key pair and appends it to the keystore in the /etc/snaplogic folder with the specified alias.
  2. Copy /etc/snaplogic/jcc-datakeys.jks and /etc/snaplogic/jcc-datakeys.pass to:
    • On Linux machines: The /etc/snaplogic folder on all Snaplex node hosts.
    • On Windows machines: The folder defined by the jcc.jvm_options global property SL_KEY_DIR value in the Snaplex settings. The instructions to prepare Windows nodes describe how to find this property.
  3. Restart the nodes from the command line or from the IIP Dashboard.
  4. In the Classic Manager, From the navigation pane, select Settings.
  5. Scroll to Account Data Encryption and click Configure Encryption.
  6. Select the public key with the alias you provided on the command line in Step 2.
  7. Confirm the new key. This configuration causes all accounts to be decrypted using the existing keys and then re-encrypted with the newly selected Org-level key.
  8. Click Update to apply Enhanced Encryption. 
    The new status displays if you click Enhanced Encryption.