Migrate Credentials between Different Secret Stores
A secret store holds the credentials for an application. The store must be moved when migrating data to a newer version of the same application. This page describes the steps to migrate stored secrets between applications.
Prerequisite
The ohi.credential.migration.enabled property must be true to enable the endpoint for the migration process.
The default value of this property is false.
Migration Steps
Export Existing Secrets
An authorized user runs a GET request on the /export resource to export the secrets.
See Credentials and Keystore Migration for more details.
The application reads all the secrets in the existing solution and generates a secrets list.
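All the passwords are Base64-encoded. Base64 is a reversible encoding rather than encryption, so treat the exported file as containing plaintext credentials.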
On success, the user gets an HTTP 204 response; otherwise, an error is shown.
In case of a successful operation, a JSON file is attached to the response.
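Because Base64 needs no key to reverse, the exported JSON file is as sensitive as the passwords themselves. The following added example (not part of the original page or of the product) walks an export file and lists the fields whose values decode without a key, without printing the values. The export schema is not documented on this page, so the sample field names and values are constructed.

```python
import base64
import json

# Constructed sample: the real export schema is not documented on this page,
# so these field names and values are hypothetical.
SAMPLE_EXPORT = json.dumps({
    "secrets": [
        {"alias": "db-user", "password": base64.b64encode(b"S3cr3t!pass").decode()},
        {"alias": "api-key", "password": base64.b64encode(b"another-value-42").decode()},
    ],
    "version": "1",
})


def try_b64(value):
    """Return the decoded text if value is valid Base64 of printable text, else None.

    Heuristic: short strings and strings with a non-multiple-of-4 length are skipped.
    """
    if not isinstance(value, str) or len(value) < 8 or len(value) % 4:
        return None
    try:
        # validate=True rejects characters outside the Base64 alphabet.
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None


def recoverable_fields(node, path="$"):
    """Walk any JSON structure and yield paths whose value decodes without a key."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from recoverable_fields(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from recoverable_fields(child, f"{path}[{i}]")
    elif try_b64(node) is not None:
        yield path


def audit_export(json_text):
    """Return the sorted JSON paths that hold keylessly recoverable values."""
    return sorted(recoverable_fields(json.loads(json_text)))


if __name__ == "__main__":
    for p in audit_export(SAMPLE_EXPORT):
        print("recoverable without a key:", p)
```

Any path this reports is readable by whoever obtains the file, so restrict access to the export and delete it once the import has completed.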
Import Existing Secrets
An authorized user runs a POST request on the /import resource to import the secrets.
See Credentials and Keystore Migration for more details.
The application takes the file produced by the export operation as input.
On success, the user gets an HTTP 204 response and a store is created according to the uploaded file.
Otherwise, an error is shown.