Use > Hardening > High Availability Hardening > Changing the Key in the key.bin

Changing the Key in the key.bin

In a High Availability environment with several servers, change the key in the key.bin as follows:

  1. Go to the writer machine in the JMX. You can choose any machine in the cluster and click on the writer link on the top of each page.
  2. In the UCMDB section of the console, click UCMDB:service=Discovery Manager.
  3. Change the key in one of the following ways:

    • Click changeEncryptionKey (this imports the existing encryption key)

    • Click generateEncryptionKey (this generates a random encryption key)

  4. On the writer machine, go to the file system and find the key.bin at: C:\UCMDB\UCMDBServer\conf\discovery\key.bin
  5. Copy the key.bin from the location on the writer machine to each one of other machines in the cluster to the folder: C:\UCMDB\UCMDBServer\conf\discovery\customer_1\ and rename the destination file (for example, key_new.bin).
  6. For each of the other servers (readers) do the following:

    1. Switch the reader to be a writer (you can do this from the High Availability JMX) and wait until it changes.

    2. Connect to the JMX of the current writer and click UCMDB:service=Discovery Manager.

    3. Click and invoke changeEncryptionKey, use the same details you entered in step 3 (for newKeyFileName, use the new name you assigned at step 5).

    4. Verify that you get the following message: Key was created successfully.