Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
Note: this component stores topology administrative data and is mirrored across all servers in the topology. It is not intended to be modified directly and is instead managed by the setup and uninstall tools.
Note: changes to topology configuration objects are immediately and automatically mirrored across all servers, so offline changes are not supported.
The Cipher Secret Key represents a cryptographic key used by the server for both encryption of plain text and decryption of cipher text. For example, the Cipher Secret Keys are used for backups, LDIF exports and reversibly-encrypted passwords.
↓Parent Component
↓Relations to This Component
↓Properties
↓dsconfig Usage
The Cipher Secret Key component inherits from the Secret Key
The following components have a direct composition relation to Cipher Secret Keys:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ key-id | ↓ key-length-bits |
| ↓ is-compromised | ↓ cipher-transformation-name |
| ↓ initialization-vector-length-bits |
| Description | The unique system-generated identifier for the Secret Key. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | If the key is compromised, an administrator may set this flag to immediately trigger the creation of a new secret key. After the new key is generated, the value of this property will be reset to false. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. If set to true, a new secret key is immediately generated, and all the servers in the topology are immediately notified of the change. All cryptographic operations performed after the change should still function normally. So no further administrative action is required. |
key-length-bits (Advanced Property, Read-Only)
| Description | The length of the key in bits. |
| Default Value | 128 |
| Allowed Values | An integer value. Lower limit is 0. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
cipher-transformation-name (Advanced Property, Read-Only)
| Description | The algorithm name used to produce this cipher, e.g. AES/CBC/PKCS5Padding. |
| Default Value | AES/CBC/PKCS5Padding |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
initialization-vector-length-bits (Advanced Property, Read-Only)
| Description | The initialization vector length of the cipher in bits. |
| Default Value | 128 |
| Allowed Values | An integer value. Lower limit is 0. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Cipher Secret Keys:
dsconfig list-cipher-secret-keys
[--property {propertyName}] ...
To view the configuration for an existing Cipher Secret Key:
dsconfig get-cipher-secret-key-prop
--key-name {name}
--instance-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Cipher Secret Key:
dsconfig set-cipher-secret-key-prop
--key-name {name}
--instance-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...