Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
Note: this component stores topology administrative data and is mirrored across all servers in the topology. It is not intended to be modified directly and is instead managed by the setup and uninstall tools.
Note: changes to topology configuration objects are immediately and automatically mirrored across all servers, so offline changes are not supported.
The Mac Secret Key represents a message authentication code (MAC) used to verify data integrity and authentication of messages. For example, the Mac Secret Keys are used for backups, LDIF exports and signed log files.
↓Parent Component
↓Relations to This Component
↓Properties
↓dsconfig Usage
The Mac Secret Key component inherits from the Secret Key
The following components have a direct composition relation to Mac Secret Keys:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ key-id | ↓ key-length-bits |
| ↓ is-compromised | ↓ mac-algorithm-name |
| Description | The unique system-generated identifier for the Secret Key. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | If the key is compromised, an administrator may set this flag to immediately trigger the creation of a new secret key. After the new key is generated, the value of this property will be reset to false. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. If set to true, a new secret key is immediately generated, and all the servers in the topology are immediately notified of the change. All cryptographic operations performed after the change should still function normally. So no further administrative action is required. |
key-length-bits (Advanced Property, Read-Only)
| Description | The length of the key in bits. |
| Default Value | 128 |
| Allowed Values | An integer value. Lower limit is 0. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
mac-algorithm-name (Advanced Property, Read-Only)
| Description | The algorithm name used to generate this MAC key, e.g. HmacMD5, HmacSHA1, HMacSHA256, etc. |
| Default Value | HMacSHA256 |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Mac Secret Keys:
dsconfig list-mac-secret-keys
[--property {propertyName}] ...
To view the configuration for an existing Mac Secret Key:
dsconfig get-mac-secret-key-prop
--key-name {name}
--instance-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Mac Secret Key:
dsconfig set-mac-secret-key-prop
--key-name {name}
--instance-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...