Migrate Credentials between Different Secret Stores

A secret store holds the credentials that an application uses. The store must be moved when migrating data to a newer version of the same application. This page describes the steps to migrate stored secrets between applications.

Prerequisite

The ohi.credential.migration.enabled property must be set to true to enable the endpoint for the migration process. The default value of this property is false.

Migration Steps

Export Existing Secrets

An authorized user runs a GET request on the /export resource to export the secrets. See Credentials Migration Integration Point and Keystore Migration Integration Point for more details. The application reads all the secrets in the existing solution and generates a secrets list. All the passwords in the list are Base64-encoded. Base64 is a reversible encoding rather than encryption, so the passwords in the exported file can be recovered without a key. On success, the user gets an HTTP 204 response; otherwise, an error is returned. When the operation succeeds, a JSON file is attached to the response.

Import Existing Secrets

An authorized user runs a POST request on the /import resource to import the secrets. See Credentials Migration Integration Point and Keystore Migration Integration Point for more details. The application takes the file produced by the export operation as input. On success, the user gets an HTTP 204 response and a store is created according to the uploaded file. Otherwise, an error is returned.
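
Base64 can be reversed without a key, so the JSON file from the export step needs protecting until it is imported. The following is an added example, not code from the product: it checks which entries are recoverable, stores the file owner-only, and confirms it is unchanged before import. The JSON field names, sample values and function names are assumptions, since this page does not show the file's schema.

```python
import base64, binascii, hashlib, json, os, stat

# Constructed sample of an exported secrets list. The field names are
# assumptions: the page does not show the real schema of the JSON file.
SAMPLE_EXPORT = json.dumps([
    {"alias": "db-primary", "password": base64.b64encode(b"constructed-pw-1").decode()},
    {"alias": "smtp-relay", "password": base64.b64encode(b"constructed-pw-2").decode()},
]).encode()

def keyless_entries(export_bytes, field="password"):
    """Return aliases whose secret decodes from Base64 with no key at all."""
    exposed = []
    for entry in json.loads(export_bytes):
        try:
            decoded = base64.b64decode(entry.get(field, ""), validate=True)
        except (binascii.Error, ValueError, TypeError):
            continue  # not valid Base64, so not covered by this check
        if decoded:
            exposed.append(entry["alias"])  # report the alias, never the secret
    return exposed

def save_export(path, export_bytes):
    """Write the export owner-only (0600), refuse to overwrite, return SHA-256."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(export_bytes)
    return hashlib.sha256(export_bytes).hexdigest()

def ready_for_import(path, expected_sha256):
    """True only if the file is still owner-only and unchanged since export."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return mode & 0o077 == 0 and digest == expected_sha256
```

The permission check relies on POSIX file modes, so it applies to Unix-like hosts.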