Regenerate the ASMS Encryption Key
This topic describes how to securely update the encryption key in your ASMS system, re-encrypting all passwords across every node. While this process enhances security by using the latest cryptographic standards, it does require system downtime. It also gives you control over when and how to perform the update.
Key Considerations
- System Downtime: Your ASMS system will be unavailable during the process.
- Duration: The time required depends on the number of devices onboarded to your system. For very large systems, it may take up to 1 to 1.5 hours.
- Runtime Estimation: Before proceeding, a runtime estimation is provided, allowing you to decide whether to continue.
To Regenerate the Encryption Key
Do the following:
- Ensure you schedule the operation during a maintenance window due to the required downtime.
- On the Central Manager, execute the following command:
    algosec_conf --regenerate-encryption-key
- Review the Confirmation: A confirmation message will appear, including:
  - A runtime estimation for the process based on your system size.
  - An option to proceed or cancel. If you choose not to proceed after viewing the runtime estimation, no changes will be made to your system.
- To proceed, press Y. The encryption key is regenerated, and all passwords are re-encrypted using the new key.
