Change the Token for Encrypting the Credentials¶
If you keep the standard installation, MongoDB is used as credential store. For security reasons, change the pre-configured token used for encrypting the credentials. The token may be any string.
Hint - how to change the configuration
In the instructions below, SEAL Operator CLI is used for changing the configuration. You can also use the Consul Web interface.
Caution - possible data loss
If you execute this step on a running system, you need to backup the MongoDB beforehand and restore the data afterwards. Otherwise data loss will happen!
-
Export the complete configuration of SEAL Operator from Consul to a YAML file with the following command. So you're making sure the current configuration settings are being used.
operator config export <filename>.yml --insecure
-
Edit the exported file
<filename>.yml
. -
In the
env
section, specify the new token in the keyMONGO_TOKEN
:env: service: ... operator-server: tag: any: MONGO_TOKEN: 'new_secure_token' ...
-
Save the file.
-
Re-import it to Consul.
operator config import <filename>.yml --insecure
-
Stop all SEAL Operator services.
operator service stop
-
Delete the complete data directory of MongoDB.
rm -r /opt/seal/data/seal-mongodb
-
Restart the service
seal-mongodb
.operator service start seal-mongodb
-
Restart the complete SEAL Operator System.
operator service start