Setting the encryption-secret for the management database

Use the APICUP installer certs commands to set the encryption-secret for the management database.

About this task

Note: Certificates are automatically copied during an upgrade (if the upgrade is initiated from the original project directory). For more information, see Upgrading API Connect in a Kubernetes environment.
The encryption-secret is a password made up of secure random bytes, used for field-level encryption in the management database. You can generate 128 random bytes with the following openssl command:
openssl rand -out /path/to/secret/encryption-secret.bin 128
Important: The encryption-secret can only be set once and only during initial installation. See Installing the Management subsystem into a Kubernetes environment.

Procedure

  1. Enter the apicup certs set SUBSYS CERT_NAME [KEY_FILE] command and supply the following values:
    • SUBSYS - The subsystem for the encryption-secret is the name of your management subsystem, because it is used for field-level encryption for the management database.
    • CERT_NAME - The certificate name is encryption-secret.
    • KEY_FILE - Enter the file name for a secure random bytes string that is 128 bytes in length, for example encryption-secret.bin.
  2. If you are using custom certificates, set the remaining certificates, and then install the management subsystem.
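
One way to script the generation step so that the key file is owner-readable only, is exactly 128 bytes, and is never silently overwritten (the secret can be set only once). This is an added example, not part of the product documentation; the function names, the /dev/urandom fallback and the subsystem name mgmt are assumptions.

```shell
#!/bin/sh
# Added example: create the 128-byte encryption-secret file for
# `apicup certs set`. Function names and paths are hypothetical.

SECRET_LEN=128   # length the procedure requires, in bytes

# check_encryption_secret FILE
# Succeeds only if FILE is a regular file of exactly SECRET_LEN bytes.
check_encryption_secret() {
    [ -f "$1" ] || { echo "$1: not a regular file" >&2; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq "$SECRET_LEN" ] || {
        echo "$1: $size bytes, expected $SECRET_LEN" >&2
        return 1
    }
}

# make_encryption_secret FILE
# Writes SECRET_LEN random bytes to FILE with mode 0600.
# Refuses to overwrite: an existing file may hold the secret that is
# already installed, and that secret cannot be set a second time.
make_encryption_secret() {
    out=$1
    if [ -z "$out" ]; then
        echo "usage: make_encryption_secret FILE" >&2
        return 2
    fi
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing $out" >&2
        return 1
    fi
    (
        umask 077    # new file is created readable by the owner only
        if command -v openssl >/dev/null 2>&1; then
            openssl rand -out "$out" "$SECRET_LEN"
        else
            # Assumption: fallback to the kernel CSPRNG if openssl is absent.
            head -c "$SECRET_LEN" /dev/urandom > "$out"
        fi
    ) || return 1
    check_encryption_secret "$out"
}

# Usage (mgmt is a placeholder for your management subsystem name):
#   make_encryption_secret /path/to/secret/encryption-secret.bin &&
#   apicup certs set mgmt encryption-secret /path/to/secret/encryption-secret.bin
```

Keep a protected backup of the generated file, since the same value cannot be regenerated.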