Manually encrypting a configuration value

Use the system key tool to manually encrypt sensitive configuration values.

Use the system key tool to manually encrypt sensitive configuration values. Manually editing configuration files requires manually encrypting the value and copying it to the appropriate location.

cluster_name.conf

The location of the cluster_name.conf file depends on the type of installation:
  • Package installations: /etc/opscenter/clusters/cluster_name.conf
  • Tarball installations: install_location/conf/clusters/cluster_name.conf

Procedure

  1. Change to the directory for the OpsCenter daemon (opscenterd). For example, your opscenterd directory might be /usr/share/opscenter/bin in a package installation.
    cd path_to/opscenterd_directory
  2. Run the system key tool with the value parameter.
    opscenter_system_key_tool value
  3. When prompted, enter and confirm the value to encrypt.
    Enter value to encrypt:
    Confirm value to encrypt:
    The system key tool displays the encrypted value.
  4. Copy and paste the encrypted value into the appropriate location in the configuration file. For an existing cluster, manually update the encryption-required fields in the cluster_name.conf file.
    Important: For a new cluster or node, do not paste the encrypted value into the password or other encryption-required fields of the OpsCenter interface. OpsCenter automatically encrypts the sensitive fields such as passwords and writes the encrypted values to the configuration files.
  5. Repeat the previous steps for each configuration value that requires encryption.
  6. Restart OpsCenter.