Configuring Proxy with Apache Knox
Also available as:
loading table of contents...

Change the Master Secret

How to change the Master Secret, when configuring the Knox Gateway.

The Master Secret can be changed under dire situations where the Administrator has to redo all the configurations for every gateway instance in a deployment, and no longer knows the Master Secret. Recreating the Master Secret requires not only recreating the master, but also removing all existing keystores and reprovisioning the certificates and credentials.


Ensure that the security directory, $gateway/data/security, and its contents are readable and writable only by the knox user. This is the most important layer of defense for master secret. Do not assume that the encryption is sufficient protection.

  1. Enter:
    bin/ create-master --force
  2. If there is an existing keystore, update the keystore.