Update Encryption Keys
EDS uses the infakeystore.jks SSL keystore file and the infatruststore.jks truststore file that the domain uses to encrypt and decrypt the sensitive data that it stores. EDS uses the encryption key configured during domain installation for symmetric encryption and decryption of secure database properties, such as the database password and secure JDBC parameters. When the domain keys are updated or changed, the data in EDS must be decrypted with the old keys and encrypted with the new keys.
To decrypt the data in EDS using the old keys and encrypt the data again with the new keys, use the infacmd command line program. The command re-encrypts data in EDS after the security keys are updated in the domain.
During installation, EDS backs up the security keys in the following location:
<EDS installation directory>/admind/config/backedupSecurityKeys
Run the command after the keys are updated on the domain. EDS performs the following tasks:
- Decrypts the data with the keys from the backup location.
- Encrypts the data with the new domain keys and stores it in the storage.
- Replaces the keys in the backup location with the new keys from the domain. The backup location always contains the keys with which data is currently encrypted.
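Because the backup location holds the keys the data is currently encrypted with, comparing it against the domain's current key files shows whether re-encryption is still pending. The following check is an added example, not part of the product or its documentation; the function name key_drift, the domain key directory argument, and the assumption that backup and domain key files share the same file names are not from the original page.

```shell
#!/bin/sh
# Added example: compares the EDS key backup with the domain's current keys.
# Assumption: the backup holds files with the same names as the domain's
# key files. Only file names and status are printed, never key material.
#
# Usage (the domain key directory is a placeholder for your own path):
#   key_drift <domain key directory> \
#       "<EDS installation directory>/admind/config/backedupSecurityKeys"

# key_drift DOMAIN_KEY_DIR BACKUP_KEY_DIR
# Returns 0 when every backed-up key file is byte-identical to the domain copy,
# 1 when any file differs or is missing (re-encryption pending), 2 on bad input.
key_drift() {
    domain_dir=$1
    backup_dir=$2
    if [ ! -d "$domain_dir" ] || [ ! -d "$backup_dir" ]; then
        echo "usage: key_drift DOMAIN_KEY_DIR BACKUP_KEY_DIR" >&2
        return 2
    fi
    checked=0
    drift=0
    for backup_file in "$backup_dir"/*; do
        [ -f "$backup_file" ] || continue
        name=${backup_file##*/}
        checked=$((checked + 1))
        if [ ! -f "$domain_dir/$name" ]; then
            echo "MISSING   $name (not present in domain key directory)"
            drift=1
        elif cmp -s "$backup_file" "$domain_dir/$name"; then
            echo "IN SYNC   $name"
        else
            echo "ROTATED   $name (domain key differs from backup)"
            drift=1
        fi
    done
    if [ "$checked" -eq 0 ]; then
        echo "no key files found in $backup_dir" >&2
        return 2
    fi
    return "$drift"
}
```

A return value of 1 after the domain keys change and before the command runs is expected; the same result after the command completes means the backup was not refreshed and the data may still be encrypted with the old keys.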