Attention
This document is no longer being updated. For the most recent documentation, including the latest release notes for version 6, please refer to Documentation Version 7
Generate System Encryption Keys
On Linux
The encryption keys are used to encrypt the system passwords configured in the Datavault Builder. Because those passwords are stored on the processing database, encrypting them prevents anyone with direct access to the database from reading them in cleartext. Here are some possibilities for creating the encryption keys.
0. Possible requirement: Entropy pool
On a server you will probably need an entropy pool generator; on a client you can just move the mouse. To install an entropy pool generator:
RHEL / CentOS:
sudo yum install rng-tools
sudo rngd -r /dev/urandom
Ubuntu / Debian:
sudo apt-get install rng-tools
sudo rngd -r /dev/urandom
1. Generate the keys
Now follow the gpg instructions to generate new keys (in openpgp format).
RHEL 7 / CentOS 7 / Ubuntu 16.04:
gpg --gen-key --openpgp (select RSA/RSA, 4096 bits)
Ubuntu 18.04:
gpg --full-generate-key --openpgp (select RSA/RSA, 4096 bits)
2. Check the list of generated signatures
List all existing signatures to get the ID of the key you would like to export (it should look something like 906D6CC7116E90F277A23B534A2F176B19BD4390), e.g.:
gpg --list-signatures
3. Export everything to files
Store the generated keys and the password used for the private key in files, so they can be used as docker secrets.
gpg -a --export YOUR_KEY > secrets/systems_password_public_key.txt
gpg -a --export-secret-keys YOUR_KEY > secrets/systems_password_private_key.txt
echo YOUR_PASSWORD > secrets/systems_password_private_key_password.txt
Sample:
gpg -a --export 906D6CC7116E90F277A23B534A2F176B19BD4390 > secrets/systems_password_public_key.txt
gpg -a --export-secret-keys 906D6CC7116E90F277A23B534A2F176B19BD4390 > secrets/systems_password_private_key.txt
echo ng74na7ub247 > secrets/systems_password_private_key_password.txt
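The same steps 1 to 3 as one script, added here as an example that is not part of the Datavault Builder documentation: it uses GnuPG's unattended key generation instead of the interactive prompts, exports the three secret files with owner-only permissions, and checks the secrets directory before it is handed to docker. The script name `generate-keys.sh`, the owner e-mail, the passphrase argument and the use of GnuPG 2.1 or newer are assumptions.

```shell
# Added example, not from the Datavault Builder documentation.
# Assumptions: GnuPG 2.1+ (for --pinentry-mode loopback) and a writable output directory.
set -eu

# Generate an RSA/RSA 4096-bit key pair without prompts and export it into the
# three files the documentation expects. $1 = owner e-mail, $2 = passphrase, $3 = directory.
generate_system_keys() {
    owner="$1"; passphrase="$2"; outdir="${3:-secrets}"
    mkdir -p "$outdir" && chmod 700 "$outdir"
    gpg --batch --gen-key <<EOF
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: Datavault Builder system keys
Name-Email: $owner
Expire-Date: 0
Passphrase: $passphrase
%commit
EOF
    # The first fpr record in machine-readable output is the primary key fingerprint.
    keyid=$(gpg --with-colons --list-keys "$owner" | awk -F: '/^fpr/ {print $10; exit}')
    umask 077   # files created from here on are readable by the owner only
    gpg -a --export "$keyid" > "$outdir/systems_password_public_key.txt"
    printf '%s\n' "$passphrase" | gpg --batch --pinentry-mode loopback --passphrase-fd 0 \
        -a --export-secret-keys "$keyid" > "$outdir/systems_password_private_key.txt"
    printf '%s\n' "$passphrase" > "$outdir/systems_password_private_key_password.txt"
}

# Verify a secrets directory before docker reads it: every file present and
# non-empty, owner-only permissions, and both key files carrying their armor header.
check_secret_files() {
    dir="$1"
    for f in systems_password_public_key.txt systems_password_private_key.txt \
             systems_password_private_key_password.txt; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $f" >&2; return 1; }
        case $(stat -c %a "$dir/$f" 2>/dev/null || stat -f %Lp "$dir/$f") in
            600|400) ;;
            *) echo "readable by others: $f" >&2; return 1 ;;
        esac
    done
    grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$dir/systems_password_public_key.txt" \
        || { echo "public key is not ASCII-armored" >&2; return 1; }
    grep -q '^-----BEGIN PGP PRIVATE KEY BLOCK-----' "$dir/systems_password_private_key.txt" \
        || { echo "private key is not ASCII-armored" >&2; return 1; }
}

# Usage: sh generate-keys.sh --generate admin@example.com 'passphrase' [secrets]
if [ "${1-}" = "--generate" ]; then
    generate_system_keys "$2" "$3" "${4:-secrets}" && check_secret_files "${4:-secrets}"
fi
```

Run it inside a throwaway GNUPGHOME if you do not want the generated key to land in your personal keyring.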