Configure Export Key Script

When exporting the server metadata, the Data Catalog encrypts sensitive data using a fixed export key, so every installation is able to import the metadata. This may be useful in general, but it could be considered a security risk in some specific environments.

You can modify the export key used to encrypt sensitive data. Follow these steps:

  1. Stop the Data Catalog.

  2. Change the export key using the script configure_datacatalog_export_key, located in the folder <DENODO_HOME>/setup/vdp.

  3. Restart the Data Catalog.

From now on, only a Data Catalog with the same export key will be able to import the metadata exported from this installation.


Usage

configure_datacatalog_export_key -k <key>
configure_datacatalog_export_key -i

Parameters of the configure_datacatalog_export_key script

Parameter Name

Description

-i

Runs the interactive mode, which guides you through the process to:

  • Set a new export key

  • Update the export key

  • Reset the export key to its default value

-k

Sets the given key as the new export key.

You can provide the new export key:

  • In plain text.

    E.g. -k my_new_password

  • Encrypted, following the pattern encrypted:<encrypted_password>.

    E.g. -k encrypted:Gr16MjvuXhRzPtPH/yTXHw==

    To obtain the encrypted value, you need to use the encrypt_password script located in the folder <DENODO_HOME>/tools/data-catalog.

Note that if the new export key has already been set, you cannot use the -k parameter.