Manage the Master Secret
The master secret is required to start the gateway. The secret protects artifacts used by the gateway instance, such as the keystore, trust stores and credential stores.
You configure the gateway to persist the master secret, which is saved in the
$gateway /data/security/master
file. Ensure that this directory has the appropriate
permissions set for your environment. To set the master secret, enter:
cd $gateway bin/knoxcli.cmd create-master
A warning displays indicating that persisting the secret is less secure than providing it at startup. Knox protects the password by encrypting it with AES 128 bit encryption; where possible, the file permissions are set to be accessible only by the knox user.
Warning | |
---|---|
Ensure that the security directory, |
Changing the Master Secret
The Master Secret can be changed under dire situations where the Administrator has to redo all the configurations for every dateway instance in a deployment, and no longer knows the Master Secret. Recreating the Master Secret requires not only recreating the master, but also removing all existing keystores and reprovisioning the certificates and credentials.
To change the Master Secret:
cd $gateway bin/knoxcli.cmd create-master--force
If there is an existing keystore, update the keystore.