Changing the data encryption key for Watson OpenScale

You can change the encryption key that is used to encrypt data in Watson OpenScale.

Procedure

You must complete the following steps change the Watson OpenScale etcd encryption key:
  1. Log in to Red Hat OpenShift Container platform with the following command: 
    oc login <OpenShift_URL>:<port>
  2. Backup the current Watson OpenScale encryption key with the following command: 
    instanceProjectName='cpd-instance'
instanceCRName='aiopenscale' 

oc get Secret ${instanceCRName}-encryption-secret -n ${instanceProjectName} -o yaml > ${instanceCRName}-encryption-secret.yaml

    If you did not install Cloud Pak for Data in the cpd-instance project or use aiopenscale as the name of the Watson OpenScale custom resource, specify accurate values in the instanceProjectName and instanceCRName fields.

  3. Change the Watson OpenScale etcd encryption key with the following command:
    base64EncryptionpKey=`echo -n <newEncryptionKey> | base64 | tr -d '\n'`

oc patch Secret ${instanceCRName}-encryption-secret -n ${instanceProjectName}  --type merge --patch '{"data": {"encryptionKey": "'${base64EncryptionpKey}'"}}'

    Replace the <newEncryptionKey> variable with the value of the encryption key that you want to add.

  4. Restart the Watson OpenScale pods that rely on the encryption key with following command: 
    oc delete pod -n ${instanceProjectName} -l "component in (aios-configuration,aios-notification,aios-scheduling)"