Securing Credentials
Also available as:

Change the Current Master Key

How to change the master key.

  • If you know the current master key or if the current master key has been persisted:
    1. Re-run the encryption setup command and follow the prompts: ambari-server setup-security.
    2. Select Option 2:
      Choose one of the following options:
      [1] Enable HTTPS for Ambari server.
      [2] Encrypt passwords stored in file.
      [3] Setup Ambari kerberos JAAS configuration.
    3. Enter the current master key when prompted if necessary (if it is not persisted or set as an environment variable).
    4. At the Do you want to reset Master Key prompt, enter yes.
    5. At the prompt, enter the new master key and confirm.
  • If you do not know the current master key:
    • Remove encryption entirely, as described in “Remove Encryption Entirely” (link below).
    • Re-run ambari-server setup-security as described above.
    • Start or restart the Ambari Server: ambari-server restart.