upgrading - Encryption
ENCRYPTION
Starting from version v2.13.0, you now have the option to encrypt your p12 passphrase directly within the nodectl configuration file, cn-config.yaml.
Understanding the Encryption Services
Depending on the encryption state of your node, the upgrader may offer you the ability to encrypt your p12 passphrase in the configuration. This will be skipped if the configurator module detects the passphrase is already encrypted.
note
You can encrypt the passphrase at any time using the nodectl configurator.
sudo nodectl configure -e
Choose encryption services from the configurator's main edit menu.
Simply entering y here will instruct the upgrader to access the configurator, back up your configuration, and encrypt your passphrase, while offering you a visual understanding of each element.
If you choose not to encrypt, you can skip to the next section.
Encrypting
We can press enter to accept the default, or y+enter.
NEW to nodectl >2.13.x
Do you want to encrypt the passphrase in your cn-config.yaml configuration file?
Enable encrypt? [y]:
Definitions and Reversal
If you choose to encrypt, the screen will clear and the following output will be seen. The output will offer information on what is happening and how to handle reversal of the process.
Enabling encryption will encrypt your passphrase in the configuration file linked to nodectl functionality.
In the unlikely event the encrypted hash stops working [for whatever reason], you can simply disable this functionality, update/change your passphrase, and, upon completion, re-enable the encryption feature.
Encryption will be turned on globally for all profiles. Each unique profile passphrase may be encrypted with a different key.
For security purposes, nodectl will not decrypt the passphrase upon disabling the encryption feature.
WARNING
If the configuration file was manually updated, any updated encryption elements [or other] will be overwritten causing old encryption data that may be allowing nodectl to handle previously encrypted elements to stop working, to be overwritten, and removed!
Completing Encryption
nodectl will handle the encryption and complete the process without the need for user intervention.
Building encryption elements [global] ......... completed
Configuration changes applied ................. successfully
Building encryption elements .................. completed
Next the services will restart.