Migrate Credentials between Different Secret Stores
A secret key store securely stores credentials for an application. The store must be moved when migrating data to a newer version of the same application. This page describes the steps to migrate stored secrets between applications.
Prerequisite
The ohi.credential.migration.enabled property must be true to enable the endpoint for the migration process.
The default value of this property is false.
Migration Steps
Export Existing Secrets
An authorized user runs a GET request on the /export resource to export the secrets.
See Credentials Migration Integration Point and Keystore Migration Integration Point for more details.
The application reads all the secrets in the existing solution and generates a secrets list.
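All the passwords are encoded with Base64. Base64 is a reversible encoding, not encryption, so the exported file must be handled as if it contained plaintext passwords.
On success, the user gets an HTTP 204 response; otherwise, an error is shown.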
In case of a successful operation, a JSON file is attached to the response.
Import Existing Secrets
An authorized user runs a POST request on the /import resource to import the secrets.
See Credentials Migration Integration Point and Keystore Migration Integration Point for more details.
The application takes the file produced by the export operation as input.
On success, the user gets an HTTP 204 response and a store is created according to the uploaded file.
Otherwise, an error is shown.
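The following is an added example, not code from the product: it shows that the Base64 passwords in an export file can be recovered without any key, and how to keep the file owner-readable and compare two exports by keyed fingerprint instead of by value. The JSON field names `alias` and `password` and all sample values are assumptions, because this page does not document the export schema.

```python
import base64
import binascii
import hashlib
import hmac
import json
import os

# Constructed sample export. The "alias"/"password" field names are assumed;
# the real schema is not documented on this page.
SAMPLE_EXPORT = json.dumps([
    {"alias": "db.main", "password": base64.b64encode(b"S3cr3t!").decode()},
    {"alias": "smtp.relay", "password": base64.b64encode(b"hunter2").decode()},
])

def recover_passwords(export_json):
    """Decode each Base64 password. No key is involved, so anyone who can
    read the export file can read the passwords."""
    recovered = {}
    for entry in json.loads(export_json):
        try:
            raw = base64.b64decode(entry["password"], validate=True)
        except (binascii.Error, ValueError) as exc:
            raise ValueError(f"{entry.get('alias')!r}: not valid Base64") from exc
        recovered[entry["alias"]] = raw.decode("utf-8")
    return recovered

def fingerprints(export_json, key):
    """HMAC-SHA256 per alias, so two exports can be compared (for example,
    before and after migration) without writing passwords to logs."""
    return {
        alias: hmac.new(key, password.encode(), hashlib.sha256).hexdigest()
        for alias, password in recover_passwords(export_json).items()
    }

def write_private(path, export_json):
    """Create the export file with mode 0600 and refuse to overwrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(export_json)

if __name__ == "__main__":
    key = os.urandom(32)  # per-run key; discard it after the comparison
    for alias, digest in fingerprints(SAMPLE_EXPORT, key).items():
        print(alias, digest[:16])
```

Delete the export file once the import has succeeded, and set ohi.credential.migration.enabled back to false so the migration endpoint is no longer exposed.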