To change the Secure Agent data encryption key, use the consoleAgentManager rotateDeviceKey command.
Back up the Secure Agent installation directory before you change the data encryption key.
The user account you use to change the encryption key must have privileges to delete files in the Secure Agent installation directory and its subdirectories.
During upgrade, there can be two versions of the Data Integration Server running within the maintenance window. Do not change the encryption key until the upgrade has completed and the newer version of the Data Integration Server is the only version that is running.
Stop the Secure Agent.
Open a command prompt as an administrator, and navigate to the following directory:
Additional properties can be any key=value pair. For example,
instanceId=<AWS instance ID>,amiId=<AWS AMI ID>
. Separate multiple properties with a comma.
For example, to exclude the Secure Agent machine hostname and hardware MAC address from the encryption key and include the AWS instance ID, run the following command:
When the command completes successfully, if you excluded security properties, create the system environment variable INFA_AGENT_EXCLUDE_SEC_PROPS, and set the value to the same values that you set in the rotateDeviceKey command.
If you added security properties, create the system environment variable INFA_AGENT_ADDITIONAL_SEC_PROPS, and set the value to the same values that you set in the rotateDeviceKey command.
Restart the machine.
If the Secure Agent doesn't start automatically, restart the Secure Agent.