B.7.6 Encryption Key Properties
Under `encryption`, specify the encryption key that MicroTx uses to encrypt the access and refresh tokens. You must provide values for these properties if you have enabled the `authTokenPropagationEnabled` property under `tmmConfiguration.authorization`.
Property | Description |
---|---|
`EncryptionSecretKeyVersion` | Specify the version of the key that you want to use for encrypting the transaction tokens. |
`secretKeys.secretKeyName` | Specify the name of the environment variable which points to the Docker secret that contains the encryption key. To support encryption key rotation, you can specify multiple encryption keys and their versions. |
`secretKeys.version` | Enter the version of the Docker secret that you want to use. |
If you create a new Docker secret, do not delete the entry for the previous secret immediately. You may delete the old secret and the corresponding entry in the `tcs-docker-swarm.yaml` file after a few days because existing transactions may be using the older versions of the key. After a few days, you can update the `tcs-docker-swarm.yaml` file, and then update MicroTx.
The following code snippet provides sample values for the `encryption` field in the `tcs-docker-swarm.yaml` file. The sample values in this example are based on the values used in the sample commands in Create Encryption Key and Key Pair.
```yaml
encryption:
  secretKeys: '{"secretKeys":[{"secretKeyName":"TMMSECRETKEY", "version":"1"}]}'
  # TMMSECRETKEY is the environment variable that points to the Docker secret that contains the encryption key.
  EncryptionSecretKeyVersion: 1
```
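A pre-deployment consistency check for the settings above, as an added example that is not part of the MicroTx documentation or product: it verifies that the `secretKeys` JSON parses, that `EncryptionSecretKeyVersion` matches a listed entry, and that each named environment variable is set. The function name, the second key name `TMMSECRETKEY2`, and the environment values are assumptions constructed for illustration.

```python
import json

def check_encryption_config(secret_keys_json, active_version, env):
    """Return a list of problems in the encryption settings (empty list = consistent).

    secret_keys_json: the string value of encryption.secretKeys
    active_version:   the value of encryption.EncryptionSecretKeyVersion
    env:              mapping of environment variables visible to the service
    """
    try:
        entries = json.loads(secret_keys_json)["secretKeys"]
    except (ValueError, KeyError, TypeError):
        return ["secretKeys is not a JSON object with a 'secretKeys' list"]
    if not isinstance(entries, list):
        return ["secretKeys is not a JSON object with a 'secretKeys' list"]

    problems = []
    seen = {}  # version -> secretKeyName
    for i, entry in enumerate(entries):
        name = entry.get("secretKeyName") if isinstance(entry, dict) else None
        version = entry.get("version") if isinstance(entry, dict) else None
        if not name or version is None:
            problems.append(f"entry {i}: secretKeyName and version are both required")
            continue
        version = str(version)  # the sample quotes "1" in JSON but not in YAML
        if version in seen:
            problems.append(f"version {version} listed for both {seen[version]} and {name}")
        seen.setdefault(version, name)
        if not env.get(name):
            problems.append(f"environment variable {name} is not set")
    if str(active_version) not in seen:
        problems.append(f"EncryptionSecretKeyVersion {active_version} has no secretKeys entry")
    return problems

# Value from the sample on this page.
PAGE_SAMPLE = '{"secretKeys":[{"secretKeyName":"TMMSECRETKEY", "version":"1"}]}'
# Constructed rotation state: the version 1 entry is kept while version 2 becomes active.
ROTATION = ('{"secretKeys":[{"secretKeyName":"TMMSECRETKEY", "version":"1"},'
            '{"secretKeyName":"TMMSECRETKEY2", "version":"2"}]}')
# Constructed environment; real values depend on your deployment.
SAMPLE_ENV = {"TMMSECRETKEY": "constructed-value-1", "TMMSECRETKEY2": "constructed-value-2"}

if __name__ == "__main__":
    print(check_encryption_config(ROTATION, 2, SAMPLE_ENV))     # consistent
    print(check_encryption_config(PAGE_SAMPLE, 2, SAMPLE_ENV))  # active version not listed
```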