storagePassphrase script
Set the passphrase for your storage repository with the storagePassphrase.sh or storagePassphrase.bat script.
Usage
The Storage component requires a passphrase. The passphrase is used to generate a key-encryption key (KEK), which encrypts the AES keys that are used to encrypt data at rest. The passphrase must be stored in the database so that, when a new bucket or variant is provisioned, the passphrase can be read and used to generate a KEK for that bucket or variant. The KEK generation passphrase is stored as a property on the B2B Mailbox Engine application record (com.ibm.mailbox.storage.kek.passphrase). It is stored encrypted, using the same encryption mechanism that is used to encrypt external passwords. Run the storagePassphrase script from install_dir to set the passphrase.
Environments
- Linux® or UNIX (storagePassphrase.sh)
- Windows (storagePassphrase.bat)
Authorization
You must be a Global Mailbox administrator to view and modify the passphrase with the storagePassphrase command line script. To use the command line script, you must provide your Global Mailbox administrator user ID and password.
Syntax
install_dir/storagePassphrase.sh -command options values
Option descriptions
- --appID=<applicationID>
  The identifier assigned by Global Mailbox for the application. For example, 5f843ea0-c4d4-11e3-9c1a-0800200c9a67.
- --adminUser=<admin id>
  The Global Mailbox administrator user ID.
- --adminPassword=<admin pwd>
  The Global Mailbox administrator password.
- --Pcom.ibm.mailbox.storage.kek.passphrase=<passphrase>
- --encryption=true
  Setting to true ensures that the passphrase is stored encrypted on the database.
Examples
updateAppConfig --appID=5f843ea0-c4d4-11e3-9c1a-0800200c9a67 --adminUser=<admin id> --adminPassword=<admin pwd> --Pcom.ibm.mailbox.storage.kek.passphrase=<passphrase> --encryption=true
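The following wrapper is an added example, not part of the product or of this page's original text. It prompts for the administrator password and the passphrase instead of taking them from a typed command line, checks the appID format, and always passes --encryption=true. It assumes the script is invoked from install_dir as ./storagePassphrase.sh updateAppConfig followed by the options above; STORAGE_SCRIPT and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not IBM's code. Assumption: the script is invoked from
# install_dir as "./storagePassphrase.sh updateAppConfig <options>".
# STORAGE_SCRIPT is a hypothetical override for the script location.

# The appID shown on the page is UUID-shaped; reject anything else up front.
valid_app_id() {
    [ "${#1}" -eq 36 ] && printf '%s\n' "$1" | grep -Eq \
        '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Prompt on stderr and read one line without echo, so the secret is not
# shown on screen and is never typed into shell history.
prompt_secret() {
    printf '%s: ' "$1" >&2
    stty -echo 2>/dev/null || true      # no-op when stdin is not a terminal
    IFS= read -r secret
    stty echo 2>/dev/null || true
    printf '\n' >&2
    printf '%s' "$secret"
}

set_storage_passphrase() {
    app_id=$1
    admin_user=$2
    valid_app_id "$app_id" || { echo "appID is not a valid identifier" >&2; return 2; }
    admin_pwd=$(prompt_secret "Global Mailbox administrator password")
    passphrase=$(prompt_secret "KEK passphrase")
    confirm=$(prompt_secret "Repeat KEK passphrase")
    if [ -z "$passphrase" ] || [ "$passphrase" != "$confirm" ]; then
        echo "passphrase empty or entries differ; nothing changed" >&2
        return 3
    fi
    # --encryption=true is always passed so the passphrase is stored encrypted.
    # The values are still process arguments of the script while it runs,
    # because that is the only interface the page documents.
    "${STORAGE_SCRIPT:-./storagePassphrase.sh}" updateAppConfig \
        "--appID=$app_id" \
        "--adminUser=$admin_user" \
        "--adminPassword=$admin_pwd" \
        "--Pcom.ibm.mailbox.storage.kek.passphrase=$passphrase" \
        --encryption=true
}
```

Source the file and call set_storage_passphrase with the appID and the administrator user ID as its two arguments.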