
Password Migration Tool

The Password Migration tool lets you change the passphrase of the key file and re-encrypt the stored passwords with the new key file.

The following prerequisites apply before you configure the Password Migration tool:

  • Note that the default encryption folder location is /var/vols/itom/hcm/shared/encryption and the Password Migration tool directory is /var/vols/itom/hcm/csa/tools/PasswordMigrationTool.
  • Create a directory named old under the encryption directory.
  • Copy all the content of the encryption directory to the old directory.
  • Retain the key-configuration.properties and bin.created files in the encryption directory and remove the other files (mainly the KEK files).
CAUTION:
Do not delete the bin.created file under the encryption directory. Deleting it causes a new bin to be generated and the old bin is lost; passwords stored in the DB can then no longer be recovered.
There is no backup of the encryption content, so handle it with care.
Delete the bin.created file only when a passphrase is changed.
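The preparation steps above, as an added Python example that is not part of the CSA documentation or of the tool itself: it copies the encryption directory to old, verifies the copy, and only then removes everything except key-configuration.properties and bin.created. It refuses to run when bin.created is already missing or when old already exists, because there is no backup of this content. The default path and the two retained file names come from this page; the files created by demo() are constructed placeholders, not real key material.

```python
import shutil
import tempfile
from pathlib import Path

# Default location from this page; pass another path when the deployment differs.
DEFAULT_ENCRYPTION_DIR = "/var/vols/itom/hcm/shared/encryption"
# The two files this page says must stay in the encryption directory.
RETAINED_FILES = {"key-configuration.properties", "bin.created"}


def prepare_encryption_dir(encryption_dir=DEFAULT_ENCRYPTION_DIR):
    """Copy the encryption directory to <dir>/old, then strip the original down
    to the retained files. Returns the sorted names of the entries removed."""
    enc = Path(encryption_dir)
    old = enc / "old"

    # Removing bin.created makes CSA regenerate the bin and lose the old one,
    # so refuse to touch a directory where it is already missing.
    if not (enc / "bin.created").is_file():
        raise FileNotFoundError(f"{enc}/bin.created is missing; aborting")
    if old.exists():
        raise FileExistsError(f"{old} already exists; refusing to overwrite a previous copy")

    old.mkdir()
    entries = [p for p in enc.iterdir() if p != old]

    # Copy everything (files and subdirectories) into old/.
    for src in entries:
        dst = old / src.name
        if src.is_dir():
            shutil.copytree(src, dst)
        else:
            shutil.copy2(src, dst)

    # Verify the copy before deleting anything: there is no backup of this content.
    for src in entries:
        dst = old / src.name
        if src.is_file() and (not dst.is_file() or dst.stat().st_size != src.stat().st_size):
            raise RuntimeError(f"copy of {src.name} did not verify; nothing was removed")
        if src.is_dir() and not dst.is_dir():
            raise RuntimeError(f"copy of directory {src.name} is missing; nothing was removed")

    removed = []
    for src in entries:
        if src.name in RETAINED_FILES:
            continue
        if src.is_dir():
            shutil.rmtree(src)
        else:
            src.unlink()
        removed.append(src.name)
    return sorted(removed)


def demo():
    """Run the preparation against a constructed throw-away directory (placeholder
    file contents, not real key material) and report what it did."""
    base = Path(tempfile.mkdtemp(prefix="csa-encryption-"))
    for name in ("key-configuration.properties", "bin.created", "kek-1.key", "kek-2.key"):
        (base / name).write_text(f"placeholder content of {name}\n")
    removed = prepare_encryption_dir(base)
    copied = sorted(p.name for p in (base / "old").iterdir())
    remaining = sorted(p.name for p in base.iterdir())
    return removed, copied, remaining


if __name__ == "__main__":
    print(demo())
```

Run it as the user that owns the encryption directory; against the real directory call prepare_encryption_dir() with no argument (or with the path of your deployment) instead of demo().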

Configuring Password Migration Tool

  1. By default, config.properties.<DBtype> is available.

    If config.properties.<DBtype> is not available, generate the properties file using the -g option.

    Refer to the following table for the values in the config.properties file:

    jdbc.driverClassName
      The JDBC driver class.
      Examples:
        Oracle: jdbc.driverClassName=oracle.jdbc.driver.OracleDriver
        MS SQL: jdbc.driverClassName=net.sourceforge.jtds.jdbc.Driver
        PostgreSQL: jdbc.driverClassName=org.postgresql.Driver

    jdbc.dialect
      The class name that allows JDBC to generate optimized SQL for a particular database.
      Examples:
        Oracle: jdbc.dialect=org.hibernate.dialect.OracleDialect
        MS SQL: jdbc.dialect=org.hibernate.dialect.SQLServerDialect
        PostgreSQL: jdbc.dialect=org.hibernate.dialect.PostgreSQLDialect

    jdbc.databaseUrl
      The JDBC URL. When you specify an IPv6 address, enclose it in square brackets.
      Examples:
        Oracle (TLS not enabled): jdbc.databaseUrl=jdbc:oracle:thin:@//127.0.0.1:1521/XE
        Oracle (TLS not enabled, using an IPv6 address): jdbc.databaseUrl=jdbc:oracle:thin:@//[f000:253c::9c10:b4b4]:1521/XE

    jdbc.username
      The user name of the database user that you configured for CSA after installing the database.

    jdbc.password
      The password of the database user. The password must be in plain text.

    idmConfig.Url
      The URL of the system on which CSA is installed. It must use the FQDN.

    csa.Url
      The CSA URL. It must use the FQDN.

    securityTransportUserName
      The user used to authenticate legacy REST API calls.
      Example: csaTransportUser

    securityTransportPassword
      The password of the user used to authenticate legacy REST API calls. The password must be in plain text.

    securityIdmTransportUserName
      The user name used to authenticate with the Identity Management component.
      Example: idmTransportUser

    securityIdmTransportUserPassword
      The password used to authenticate with the Identity Management component. The password must be in plain text.

    password.migrate.input.files
      Comma-separated list of files that contain passwords and need to be re-encrypted with the new key file.
      Example: /var/vols/itom/hcm/shared/tools/DBPurgeTool/config.properties,
      /var/vols/itom/hcm/shared/tools/LdapTool/config.properties

    from.key.profile
      Profile name of the current (from) key.
      Example: shared

    to.key.path
      Path of the new profile (the directory that holds the key and configuration files; by default only the key-configuration.properties file is retained).
      Example: /var/vols/itom/hcm/shared/csa/encryption

    from.key.path
      Path of the current (from) profile (the directory that holds the key and configuration files).
      Example: shared

    to.key.profile
      Profile name of the new key.
      Example: shared

  2. The values securityAdminUser=admin and securityAdminPassword=cloud are hidden properties that can be used to run the tool in silent mode (the tool then does not prompt for authentication at run time).

  3. Open MigrationConfiguration.properties and edit the “From_” and “To_” lines with the desired inputs as shown below:

    Where:
    “From_” refers to the password algorithm used in the current CSA setup.

    “To_” refers to the password algorithm to which the migration is completed.

    Legacy to shared

    from.key.profile=legacy
    from.key.path=legacy
    to.key.profile=shared
    to.key.path=/var/vols/itom/hcm/shared/csa/encryption
  4. The input files that need to be re-encrypted must be comma separated.

  5. If you do not want the tool to generate a passphrase and want to use your own, disable the random passphrase (generate.random.passphrase=false).

    NOTE:
    Your own passphrase must be a password of 16 alphanumeric characters (containing at least one lower-case letter, one upper-case letter, and one digit).
  6. Run java -jar password-migration-tool-standalone.jar [-c config.properties.<DBType>].

    NOTE: If you rename config.properties.<DBtype> to config.properties, the -c option is not required.
    The tool generates a migrate directory at /var/vols/itom/hcm/shared/csa/encryption. The IDMInstaller tool refers to this directory later.
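The configuration rules of this procedure checked before the tool is run: the keys from the table in step 1, the square-bracket rule for IPv6 addresses in jdbc.databaseUrl, the FQDN requirement for idmConfig.Url and csa.Url, the comma-separated input file list of step 4, and the passphrase policy of step 5. This is an added Python script, not part of the CSA documentation or of the Password Migration tool. The key names and rules come from this page; the sample config.properties is constructed with placeholder values and deliberately contains two of the mistakes the page warns about. The page does not name the property that carries a user-supplied passphrase, so that check is a stand-alone function, and it reads "16 alphanumeric" as exactly 16 ASCII letters or digits, which is an assumption.

```python
import re
from urllib.parse import urlsplit

# Keys this page lists for config.properties (the hidden silent-mode keys are not included).
REQUIRED_KEYS = [
    "jdbc.driverClassName", "jdbc.dialect", "jdbc.databaseUrl", "jdbc.username",
    "jdbc.password", "idmConfig.Url", "csa.Url", "securityTransportUserName",
    "securityTransportPassword", "securityIdmTransportUserName",
    "securityIdmTransportUserPassword", "password.migrate.input.files",
    "from.key.profile", "from.key.path", "to.key.profile", "to.key.path",
]

# Constructed sample; every secret is a placeholder and no value comes from a real deployment.
# It contains an unbracketed IPv6 address in the JDBC URL and a short host name in idmConfig.Url.
SAMPLE_CONFIG = """\
jdbc.driverClassName=org.postgresql.Driver
jdbc.dialect=org.hibernate.dialect.PostgreSQLDialect
jdbc.databaseUrl=jdbc:postgresql://f000:253c::9c10:b4b4:5432/csadb
jdbc.username=csadbuser
jdbc.password=PLACEHOLDER_DB_PASSWORD
idmConfig.Url=https://csa-host:8444
csa.Url=https://csa.example.com:8444/csa
securityTransportUserName=csaTransportUser
securityTransportPassword=PLACEHOLDER_TRANSPORT_PASSWORD
securityIdmTransportUserName=idmTransportUser
securityIdmTransportUserPassword=PLACEHOLDER_IDM_PASSWORD
password.migrate.input.files=/var/vols/itom/hcm/shared/tools/DBPurgeTool/config.properties,\\
    /var/vols/itom/hcm/shared/tools/LdapTool/config.properties
from.key.profile=legacy
from.key.path=legacy
to.key.profile=shared
to.key.path=/var/vols/itom/hcm/shared/csa/encryption
generate.random.passphrase=false
"""


def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, key=value or key:value,
    and backslash line continuation (leading whitespace of the continued line dropped)."""
    logical = []
    for raw in text.splitlines():
        if logical and logical[-1].endswith("\\"):
            logical[-1] = logical[-1][:-1] + raw.strip()
        else:
            logical.append(raw.strip())
    props = {}
    for line in logical:
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def _jdbc_host(url):
    """Host[:port] part of a JDBC URL: the text after '@//' (Oracle thin) or '://'."""
    m = re.search(r"(?:@//|://)([^/;?]+)", url)
    return m.group(1) if m else ""


def validate_config(props):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for key in REQUIRED_KEYS:
        if not props.get(key):
            findings.append(f"missing or empty: {key}")
    host = _jdbc_host(props.get("jdbc.databaseUrl", ""))
    # An IPv6 literal carries several colons; the page requires square brackets around it.
    if host.count(":") > 1 and not host.startswith("["):
        findings.append("jdbc.databaseUrl: IPv6 address must be enclosed in square brackets")
    for key in ("idmConfig.Url", "csa.Url"):
        value = props.get(key, "")
        if value:
            hostname = urlsplit(value).hostname or ""
            is_ip_literal = re.fullmatch(r"[\d.]+", hostname) or ":" in hostname
            if "." not in hostname or is_ip_literal:
                findings.append(f"{key}: host must be an FQDN, got '{hostname or value}'")
    raw_files = props.get("password.migrate.input.files", "")
    for path in (f.strip() for f in raw_files.split(",") if f.strip()):
        if not path.startswith("/"):
            findings.append(f"password.migrate.input.files: '{path}' is not an absolute path")
    return findings


def passphrase_meets_policy(passphrase):
    """Page rule for a user-supplied passphrase: 16 alphanumeric characters with at
    least one lower-case letter, one upper-case letter and one digit.
    Assumption: '16 alphanumeric' means exactly 16 ASCII letters or digits."""
    return (re.fullmatch(r"[A-Za-z0-9]{16}", passphrase) is not None
            and re.search(r"[a-z]", passphrase) is not None
            and re.search(r"[A-Z]", passphrase) is not None
            and re.search(r"[0-9]", passphrase) is not None)
```

Read your real file with open("config.properties").read() in place of SAMPLE_CONFIG and print the findings; run the tool only when the list is empty. The parser reads the continued input-file line back into one comma-separated value, which is the form step 4 requires.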