Configure Export Key Script

When exporting the server metadata, the Data Catalog encrypts sensitive data using a fixed export key so every installation is able to import the metadata. This may be useful in general but it could be considered as a security risk in some specific environments.

You can modify the export key used to encrypt sensitive data. Follow these steps:

  1. Stop the Data Catalog.

  2. Execute the script <DENODO_HOME>/setup/vdp/configure_datacatalog_export_key (see the arguments below).

  3. Restart the Data Catalog.

From now on, only a Data Catalog with the same export key will be able to import the metadata exported from this installation.


Usage

configure_datacatalog_export_key -k <key>
configure_datacatalog_export_key -i
Parameters of the configure_datacatalog_export_key script

Parameter Name

Description

-i

Runs the interactive mode, which guides you through the process to:

  • Set a new export key

  • Update the export key

  • Reset the export key to its default value

-k

Set the given key as the new export key.

You can provide the new export key:

  • In plain text.

    E.g. -k my_new_password

  • Encrypted, following the pattern encrypted:<encrypted_password>.

    E.g. -k encrypted:Gr16MjvuXhRzPtPH/yTXHw==

    To obtain the encrypted value, you need to use the encrypt_password script located in the folder <DENODO_HOME>/tools/data-catalog.

Note that if the new export key has already been set, you cannot use the -k parameter.

Note

If you are going to use the Solution Manager to migrate changes in the server’s metadata from one environment to another (Promotions), you should use the same export key in all the environments.