Cipher Secret Key

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact UnboundID support in order to understand the potential impact of that change.

Note: this component stores topology administrative data and is mirrored across all servers in the topology. It is not intended to be modified directly and is instead managed by the setup and uninstall tools.

Note: changes to topology configuration objects are immediately and automatically mirrored across all servers, so offline changes are not supported.

The Cipher Secret Key represents a cryptographic key used by the server for both encryption of plain text and decryption of cipher text. For example, the Cipher Secret Keys are used for backups, LDIF exports and reversibly-encrypted passwords.

Parent Component

The Cipher Secret Key component inherits from the Secret Key.

Relations to This Component

The following components have a direct composition relation to Cipher Secret Keys:

Properties

The properties supported by this managed object are as follows:


Basic Properties:
  key-id
  is-compromised

Advanced Properties:
  key-length-bits
  cipher-transformation-name
  initialization-vector-length-bits

Basic Properties

key-id (Read-Only)

Description
The unique system-generated identifier for the Secret Key.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action.

is-compromised

Description
If the key is compromised, an administrator may set this flag to immediately trigger the creation of a new secret key. After the new key is generated, the value of this property will be reset to false.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. If set to true, a new secret key is immediately generated, and all the servers in the topology are immediately notified of the change. All cryptographic operations performed after the change should still function normally, so no further administrative action is required.


Advanced Properties

key-length-bits (Advanced Property, Read-Only)

Description
The length of the key in bits.
Default Value
128
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action.

cipher-transformation-name (Advanced Property, Read-Only)

Description
The algorithm name used to produce this cipher, e.g. AES/CBC/PKCS5Padding.
Default Value
AES/CBC/PKCS5Padding
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action.

initialization-vector-length-bits (Advanced Property, Read-Only)

Description
The initialization vector length of the cipher in bits.
Default Value
128
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action.
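
Added example (not part of the product documentation or the server's own code): a Python check that takes the property values documented above for one Cipher Secret Key and reports combinations that do not fit AES, such as a key length that is not an AES key size or a CBC initialization vector that is not one block long. The function name, the finding levels and the sample dictionaries are assumptions made for illustration; only the property names and defaults come from this page.

```python
# Added example, not part of the product: sanity-check one key's properties.
# Property names and defaults are the ones documented above; the rules are
# general AES facts, and the input dicts below are constructed samples.
AES_KEY_BITS = {128, 192, 256}
AES_BLOCK_BITS = 128

def audit_cipher_key(props):
    """Return (level, message) findings for a dict of property name -> value."""
    name = props.get("cipher-transformation-name", "AES/CBC/PKCS5Padding")
    key_bits = int(props.get("key-length-bits", 128))
    iv_bits = int(props.get("initialization-vector-length-bits", 128))
    parts = [p.upper() for p in name.split("/")]
    if len(parts) != 3:
        return [("WARN", f"{name!r} is not in algorithm/mode/padding form")]
    algorithm, mode, padding = parts
    if algorithm != "AES":
        return [("INFO", f"{algorithm} is outside the scope of this check")]
    findings = []
    if key_bits not in AES_KEY_BITS:
        findings.append(("WARN", f"key-length-bits={key_bits} is not an AES key size"))
    if mode == "ECB":
        findings.append(("WARN", "ECB uses no IV and reveals repeated plaintext blocks"))
    elif mode == "CBC":
        if iv_bits != AES_BLOCK_BITS:
            findings.append(("WARN", f"CBC needs a {AES_BLOCK_BITS}-bit IV, got {iv_bits}"))
        if padding == "NOPADDING":
            findings.append(("WARN", "NoPadding with CBC rejects unaligned input"))
        findings.append(("INFO", "CBC gives confidentiality only; it does not "
                                 "detect modified ciphertext by itself"))
    if str(props.get("is-compromised", "false")).lower() == "true":
        # The page states the flag resets to false once the new key is generated.
        findings.append(("WARN", "is-compromised is still true; new key not yet generated"))
    return findings

if __name__ == "__main__":
    documented_defaults = {  # constructed sample using the defaults listed above
        "key-length-bits": "128",
        "cipher-transformation-name": "AES/CBC/PKCS5Padding",
        "initialization-vector-length-bits": "128",
    }
    mismatched = dict(documented_defaults,  # constructed, deliberately inconsistent
                      **{"key-length-bits": "100",
                         "initialization-vector-length-bits": "64"})
    for sample in (documented_defaults, mismatched):
        for level, message in audit_cipher_key(sample):
            print(level, message)
```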


dsconfig Usage

To list the configured Cipher Secret Keys:

dsconfig list-cipher-secret-keys
     [--property {propertyName}] ...

To view the configuration for an existing Cipher Secret Key:

dsconfig get-cipher-secret-key-prop
     --key-name {name}
     --instance-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Cipher Secret Key:

dsconfig set-cipher-secret-key-prop
     --key-name {name}
     --instance-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...