Align Encryption Keys Across Multi-Tier Environments
When working with a multi-tier environment, encryption keys must be aligned across instances. This will enable records encrypted in one system to be transported across to another. Refer to Column Encryption in the online help for more information.
NOTE: Before doing this, back up all information for the Source and Target so that you can restore the values if needed. It is recommended to run these steps when an environment is being built.
- Turn off encryption on all columns on the target DSP site.
- Record the current Data and KeyShortCode values from the CranSoft.dbo.Key table for the DSP target site (for backup purposes).
- Record the EncryptionKey & EncryptionAlgorithm values from the {Install Directory}\BOA\DSP\Web\web.config file for the DSP target site (for backup purposes).
- Copy the Data and KeyShortCode values in the CranSoft.dbo.Key table from the source DSP database and update them in the target DSP database. Updating the Data field will require the following conversion to set the value correctly:
--Run this query on the Target DSP database
--NOTE: Values in <> need to be replaced with the appropriate values
--from the source DSP database. The <> characters should be dropped.
USE [CranSoft]
GO
SELECT * INTO [dbo].[Key_bkp_SupportKB] --change 'bkp' suffix if table exists
FROM [dbo].[Key]
GO
UPDATE [dbo].[Key]
SET [Data] = Convert(varbinary(300),'<Data_ValueToUpdate>', 1),
[KeyShortCode] = '<KeyShortCode_ValueToUpdate>'
WHERE [KeyId] = '<Enter KeyId to update>'
GO - Copy the EncryptionKey & EncryptionAlgorithm values from the {Install Directory}\BOA\DSP\Web\web.config file from the source DSP site into the target DSP site's web.config file.
- Turn on encryption on all columns on the target DSP site.
- CTS a record with encrypted data e.g. DataSource
- Ensure record can be used (for example, test the connection and then try to decrypt and encrypt).
If you need additional support, please contact our support team.