Configure Export Key Script¶
During the installation of the Denodo Platform and the Solution Manager, the installer creates a unique encryption key to encrypt all the sensitive information
like configuration properties that contain passwords, passwords to access databases, OAuth tokens to connect to REST APIs, etc. When you export the metadata of Virtual DataPort to a .vql file, the sensitive information is also encrypted with this unique key. In the .vql file, the “secret values” (passwords, tokens…) are marked with
the token ENCRYPTED
and since the key is unique to this installation you can only import the elements with sensitive values in installations of Virtual DataPort that use the same encryption key. Note that we recommend that all the
installations of Denodo of your organization or at least the same business unit use the same encryption key to facilitate promoting changes between environments (testing, staging, production, etc.).
That said, you can set a different key used to encrypt sensitive data when exporting metadata. Once you do this, all the VQL statements you obtain from this installation will use this new encryption key. That is, when you open the section VQL of an element in Design Studio, when you export metadata using the script export, etc.
To enable this, follow these steps:
Stop Virtual DataPort.
Execute the script
<DENODO_HOME>/setup/vdp/configure_vdp_export_key --interactive
and enter the new export password.Start the Virtual DataPort.
Repeat this process in all the Virtual DataPort servers that are expected to import VQL statements with encrypted keys exported from this server. From now on, only the Virtual DataPort servers with the same export key will be able to import the metadata exported of this installation.
With this script, you can also do this:
Set the export key programmatically: with the parameter
--key <new export key>
. With this, you can set this key programmatically, without additional involvement from the user. This is useful to use this from a script. E.g. to automate the process of updating this password on many servers, programmatically.Reset the export key to the default value: with the parameter
--interactive
.
Parameter Name |
Description |
---|---|
-i --interactive |
Runs the interactive mode, which guides you through the process to:
|
-k --key <new export key> |
Set the new export key, programmatically, without intervention from the user. You can provide the new export key:
Note that if the new export key has already been
set, you cannot use the |