Configure Export Key Script

When exporting the server metadata, Virtual DataPort encrypts sensitive data using a fixed export key so every installation is able to import the metadata. This may be useful in general but it could be considered as a security risk in some specific environments.

You can modify the export key used to encrypt sensitive data. Follow these steps:

  1. Stop Virtual DataPort.

  2. Execute the script <DENODO_HOME>/setup/vdp/configure_vdp_export_key (see the arguments below).

  3. Start the Virtual DataPort.

#. Repeat this process in all the Virtual DataPort servers that are expected to import VQL statements with encrypted keys exported from this server. From now on, only the Virtual DataPort servers with the same export key will be able to import the metadata exported from this installation.


Usage

configure_vdp_export_key -k <key>
configure_vdp_export_key -i
Parameters of the configure_vdp_export_key script

Parameter Name

Description

-i

Runs the interactive mode, which guides you through the process to:

  • Set a new export key

  • Update the export key

  • Reset the export key to its default value

-k

Set the given key as the new export key.

You can provide the new export key:

  • In plain text.

    E.g. -k my_new_password

  • Encrypted, following the pattern encrypted:<encrypted_password>.

    E.g. -k encrypted:Gr16MjvuXhRzPtPH/yTXHw==

    To obtain the encrypted value, you need to use the encrypt_password script located in the zip <DENODO_HOME>/tools/db/denodo-db-tools.zip.

Note that if the new export key has already been set, you cannot use the -k parameter.