
upgrading - Encryption

ENCRYPTION

Starting with version v2.13.0, you can encrypt your p12 passphrase directly within the nodectl configuration file, cn-config.yaml.

Understanding the Encryption Services

Depending on the encryption state of your node, the upgrader may offer you the ability to encrypt your p12 passphrase in the configuration. This will be skipped if the configurator module detects the passphrase is already encrypted.

note

You can encrypt the passphrase at any time using the nodectl configurator.

sudo nodectl configure -e

Choose encryption services from the configurator's main edit menu.

Entering y here instructs the upgrader to access the configurator, back up your configuration, and encrypt your passphrase, while offering you a visual understanding of each element.

If you choose not to encrypt, you can skip to the next section.

Encrypting

We can press enter to accept the default, or y+enter.

------- * ENCRYPTION SERVICES * --------

NEW to nodectl >2.13.x

Do you want to encrypt the passphrase in your cn-config.yaml configuration file?
Enable encrypt? [y]:

Definitions and Reversal

If you choose to encrypt, the screen will clear and nodectl will display the following output, which explains what is happening and how to reverse the process.

IMPORTANT
Enabling encryption will encrypt your passphrase in the configuration file linked to nodectl functionality.

In the unlikely event the encrypted hash stops working [for whatever reason], you can simply disable this functionality, update/change your passphrase, and, upon completion, re-enable the encryption feature.

Encryption will be turned on globally for all profiles. Each unique profile passphrase may be encrypted with a different key.

For security purposes, nodectl will not decrypt the passphrase upon disabling the encryption feature.

WARNING
If the configuration file was manually updated, any updated encryption elements [or other] will be overwritten causing old encryption data that may be allowing nodectl to handle previously encrypted elements to stop working, to be overwritten, and removed!

Completing Encryption

nodectl will handle the encryption and complete the process without the need for user intervention.

------------ * GLOBAL P12 * ------------

Building encryption elements [global] ......... completed
Configuration changes applied ................. successfully
Building encryption elements .................. completed

Next, the services will restart.