Changing the encryption key to secure PATROL Agent data
By default, unique keys are generated during the TrueSight Presentation Server installation. These keys are used to encrypt:
- Infrastructure Management policy data credentials, and the PATROL Agent query command credentials that are sent to the PATROL Agent.
- Policy data credentials stored in the policy store of the TrueSight Presentation Server.
After the TrueSight Presentation Server installation, you can change these unique keys by using the Presentation Server tssh command, based on your key rotation policy.
To change the encryption key
Perform the following sequence of steps to change the unique key:
- Log on to the computer where the Presentation Server is installed, and navigate to the <Presentation Server Install Directory>\truesightpserver\bin directory.
- Run the following command to change the key:
#Syntax
tssh key set <module name> (PatrolAgent | PolicyStore) <tenant name>
Example: To change the encryption key for the PATROL Agent
Run the following command to change the unique key that is used to encrypt the policy data credentials and the PATROL Agent query command credentials that are then sent to the PATROL Agent.
Run the command as shown in the following code block:
tssh key set PatrolAgent
When you run the preceding command, you are prompted to provide a user name and password to complete the key change request, as shown in the following screenshot:
Example: To change the encryption key for the policy store
Run the following command to change the unique key that is used to encrypt the PATROL Agent policy credentials stored in the policy store.
Run the command as shown in the following code block:
tssh key set PolicyStore
When you run the preceding command, you are prompted to provide a user name, password, and a passphrase to complete the key change request, as shown in the following screenshot: