Page tree
Skip to end of metadata
Go to start of metadata

By default, during the TrueSight Presentation Server installation unique keys are generated that are used to encrypt:

  • Infrastructure Management policy data credentials, and the PATROL Agent query command credentials that are sent to the PATROL Agent.
  • Policy data credentials stored in the policy store of the TrueSight Presentation Server.

Following the TrueSight Presentation Server installation, you can change these unique keys using the Presentation Server tssh command based on your key rotation policy.

Best Practice

BMC recommends that you export the policies before changing the encryption key. For step-by-step instructions about how to export monitoring policies, see Exporting and importing blackout and monitoring policies.

To change the encryption key

Perform the following sequence of steps to change the unique key:

  1. Logon to the computer where the Presentation Server is installed, and navigate to the <Presentation Server Install Directory>\truesightpserver\bin directory.

  2. Run the following command to change the key:

    #Syntax
    tssh key set <module name> (PatrolAgent | PolicyStore) <tenant name>

    Important information

    • BMC recommends that you restart the Presentation Server after changing the key.
    • The default value for the <tenant name> is BMCRealm.

Example: To change the encryption key for the PATROL Agent

Run the following command to change the unique key that is used to encrypt the Policy data credentials, and PATROL Agent query command credentials and then sent to the PATROL Agent.

  1. Run the command as shown in the following code block:

    tssh key set PatrolAgent
  2. When you run the preceding command, you are prompted to provide user name and password to complete the key change request as shown in the following screenshot:

    Note

    To change the unique key, ensure that you have  Administrator - level access .

Example: To change the encryption key for the policy store

Run the following command to change the unique key that is used to encrypt the PATROL Agent policy credentials stored in the policy store.

  1. Run the command as shown in the following code block:

    tssh key set PolicyStore
  2. When you run the preceding command, you are prompted to provide user name, password, and a passphrase to complete the key change request as shown in the following screenshot:

    Note

    • When policies are migrated using import/export policies feature, ensure that both source and destination TrueSight Presentation Servers have the same passphrase to successfully migrate the policies. For more information, see Exporting and importing blackout and monitoring policies.
    • To change the unique key, ensure that you have  Administrator - level access .