Replacing passwords, keys, and certificates

Ensure the security of your API Connect deployment by replacing compromised passwords, keys, and certificates.

About this task

Each subsystem uses one or more passwords, database keys, and registration secrets. In some cases, an update takes effect immediately or on the next log-in, but some components require a restart to apply the update. Follow the procedure for updating each subsystem to ensure that you complete all required steps.

All subsystems use TLS certificates to encrypt communications both within each subsystem, between subsystems, and with clients. The procedure for renewing a certificate depends on whether you use cert-manager. After you replace a certificate in a subsystem, you must restart all pods that are affected by the certificate, so there will be a service interruption.

The instructions in this section are written for deployments on Kubernetes and details for other platforms appear at the end of the section. Before you begin updating passwords, keys, and certificates, review the entire section to ensure you understand the procedures and are aware of any platform-specific differences that affect your deployment.

Attention: Before you change any passwords, keys, or certificates, you should disable scheduled backups for the Management subsystem as explained in this section. After the updates are complete, enable backups.