[midPoint] Is it possible to replace the key in keystore

Wang, Xiaoshu xiaoshuw at email.unc.edu
Thu May 27 16:08:32 CEST 2021


Hi, I have a few curious questions.

My understanding is that much info in the repository database is encrypted by the default key in the keystore.jceks of the midpoint.home directory. I wonder if it is possible to change the key.

The reason I ask this question is to imagine the scenario, say, the keystore is somehow compromised or if our school’s policy requires us to change the key once in a while, I wonder if it is possible to change the key without having to start it all over again.

In addition, I wonder what info is encrypted by the key and where it is stored. For instance, I couldn’t figure out where the password (or its hash, encrypted form, etc.) for the administrator is stored. The reason that I ask this is I am trying to create a new environment, but the DB admin copied from another environment, so I am forced to use the previous keystore. I would like to use a different key for a different environment…

Xiaoshu Wang