Sharing secured properties among servers
To share applications that have secured properties among HCL DevOps Deploy (Deploy) servers, exchange keys from each server's encryption keystore.
Procedure
- On the first server, open a command-line window, and go to the server installation conf/server directory.
- Find the value of the encryption.keystore.alias property in the install/conf/server/installed.properties file. For example, the following code shows a value of abcdkey1234:
  encryption.keystore=../app_data/conf/encryption.keystore
  encryption.keystore.alias=abcdkey1234
  You must have this alias to complete the next steps.
- Go to the folder that contains the keystore file encryption.keystore. The default location is appData/conf/encryption.keystore, where appData is the application data folder.
- Run the following command to import the server key into a temporary keystore. You must enter this command on a single line.
  keytool -importkeystore -srckeystore encryption.keystore -srcstorepass srcPassword -srcstoretype pkcs12 -alias alias -destkeystore temp.keystore -deststorepass tempPassword -deststoretype pkcs12
  - For the srcPassword variable, specify the password for the server keystore. The default password is changeit.
  - For the alias variable, specify the value of the encryption.keystore.alias property.
  - For the tempPassword variable, specify a password for the temporary keystore. You will use this password later.
- Copy the temporary keystore, which is named temp.keystore in the previous example, and store it in the appropriate folder on the second server. Check the server.appdata.dir property in the installed.properties file to determine where to store the keystore.
  - If the server.appdata.dir property has a value of two periods (..), copy the keystore to the install/conf/ folder on the second server.
  - If the property has a value other than two periods, the server uses an application data folder. Copy the keystore to the appdata/conf/ folder on the second server.
- On the second server, open a command-line window, and go to the server installation install/conf/server directory.
- Run the following command to import the key in the temporary keystore into the server keystore. You must enter this command on a single line.
  keytool -importkeystore -srckeystore temp.keystore -srcstorepass tempPassword -srcstoretype pkcs12 -alias alias -destkeystore encryption.keystore -deststorepass destPassword -deststoretype pkcs12
  - For the tempPassword variable, specify the password for the temporary keystore.
  - For the alias variable, specify the encryption.keystore.alias property of the first server, not the current server.
  - For the destPassword variable, specify the password for the current server keystore.
- Restart the second server.
- Optional: Delete the temporary keystore file from each server.
Results
You can verify that the second server keystore has the key by running the following command on the second server:
keytool -list -keystore encryption.keystore -storepass password -storetype pkcs12
For the password variable, use the password of the server keystore. This command lists the keys in the server keystore. If you copied the keys successfully, the list includes at least two keys: one from each of the servers. These keys are listed according to the encryption.keystore.alias properties of the respective servers. For example, the following output shows two keys:
Your keystore contains 2 entries
efghkey5678, Oct 15, 2013, SecretKeyEntry,
abcdkey1234, Nov 22, 2013, SecretKeyEntry,
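
The following shell helpers are an added example, not part of the product documentation. They read encryption.keystore.alias from installed.properties, apply the server.appdata.dir rule from the procedure to pick the destination folder for temp.keystore, and check keytool -list output for the first server's alias. The function names are this example's own, and it assumes that installed.properties holds plain key=value lines and that a server.appdata.dir value other than two periods is the path of the application data folder.

```shell
#!/bin/sh
# Added example (not vendor-supplied): helpers for the key-sharing procedure.
# Assumes installed.properties holds plain key=value lines.

# prop FILE KEY: print the value of KEY (last occurrence wins).
prop() {
    awk -v k="$2" -F= '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == k && index($0, "=") {
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        }
        END { print val }' "$1"
}

# keystore_dest INSTALL_DIR: print the folder on the second server that
# receives temp.keystore, following the server.appdata.dir rule.
# Assumption: a value other than ".." is the application data folder path.
keystore_dest() {
    appdata=$(prop "$1/conf/server/installed.properties" server.appdata.dir)
    if [ -z "$appdata" ]; then
        echo "server.appdata.dir not set in $1/conf/server/installed.properties" >&2
        return 1
    elif [ "$appdata" = ".." ]; then
        printf '%s/conf\n' "$1"
    else
        printf '%s/conf\n' "$appdata"
    fi
}

# has_secret_key ALIAS: read `keytool -list` output on stdin and succeed
# only if ALIAS is listed as a SecretKeyEntry (exact alias match).
has_secret_key() {
    awk -F', *' -v a="$1" '
        $1 == a && index($0, "SecretKeyEntry") { found = 1 }
        END { exit !found }'
}

# Usage on the second server (password is a placeholder, alias is the
# sample value of the first server's encryption.keystore.alias):
#   keytool -list -keystore encryption.keystore -storepass password -storetype pkcs12 |
#       has_secret_key abcdkey1234 && echo "first server's key is present"
```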