Migrate Credentials between Different Secret Stores

A secret key store holds the credentials for an application. When data is migrated to a newer version of the same application, the store must be moved as well. This page describes the steps to migrate stored secrets between applications.

Prerequisite

The ohi.credential.migration.enabled property must be set to true to enable the endpoint for the migration process. The default value of this property is false.

Migration Steps

Export Existing Secrets

An authorized user runs a GET request on the /export resource to export the secrets. See Credentials and Keystore Migration for more details. The application reads all the secrets in the existing solution and generates a secrets list. All the passwords in the list are Base64-encoded. Base64 is a reversible encoding, not encryption, so anyone who obtains the exported file can recover the passwords. On success, the user gets an HTTP 204 response with a JSON file attached; otherwise, the application shows an error.

Import Existing Secrets

An authorized user runs a POST request on the /import resource to import the secrets. See Credentials and Keystore Migration for more details. The application takes the file produced by the export operation as input. On success, the user gets an HTTP 204 response and a store is created according to the uploaded file; otherwise, the application shows an error.
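
The export step produces a JSON file whose passwords are only Base64 values, and the import step consumes that same file. The following added example (not part of the product or its documentation) audits such a file for password fields that decode straight back to text, and writes the file with owner-only permissions while it waits for import. The JSON layout and the `secrets`, `alias` and `password` field names are assumptions, since the export schema is not shown on this page.

```python
import base64
import binascii
import json
import os

# Constructed sample input. The real export schema is not documented here;
# "secrets", "alias" and "password" are hypothetical field names.
SAMPLE_EXPORT = json.dumps({"secrets": [
    {"alias": "db-admin", "password": base64.b64encode(b"S3cret!pw").decode()},
    {"alias": "ldap-bind", "password": base64.b64encode(b"another-pw").decode()},
    {"alias": "empty", "password": ""},
]})


def recoverable_fields(export_text, field="password"):
    """Return JSON paths of `field` values that Base64-decode to UTF-8 text.

    Only the location is reported; decoded values are never returned.
    """
    hits = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                child = f"{path}.{key}"
                if key == field and isinstance(value, str) and value:
                    try:
                        base64.b64decode(value, validate=True).decode("utf-8")
                        hits.append(child)
                    except (binascii.Error, UnicodeDecodeError):
                        pass  # not plain Base64 text; leave it unflagged
                else:
                    walk(value, child)
        elif isinstance(node, list):
            for index, item in enumerate(node):
                walk(item, f"{path}[{index}]")

    walk(json.loads(export_text), "$")
    return hits


def write_private(path, text):
    """Create the file with mode 0600 and refuse to overwrite an existing one."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as handle:
        handle.write(text)


if __name__ == "__main__":
    print(recoverable_fields(SAMPLE_EXPORT))
```

Every path the audit reports is a credential that is readable by anyone holding the file, so the file should be deleted once the import has succeeded.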