Post refresh re-encryption

 Encrypted data cannot be decrypted with the non-production encryption key the post refresh process first decrypts the data and then encrypts, and updates the effected rows with the non-production encryption key.


Step-by-step guide

  1. Log into a non-production KFS instance.
  2. ENCRYPTION_FROM_DATE and ENCRYPTION_TO_DATE parameters. These parameters determine the date ranges of the documents that will be 're-encrypted'. 
    1. If the parameters are not set the date range defaults to 120 days ago to the present date.
    2. To change the parameters Click the Parameters link under  Configuration in the "Administration" tab
      1. Enter ENCRYPTION_FROM_DATE or ENCRYPTION_TO_DATE  in the "Parameter Name" box
      2. Enter PostEncryptionStep in the "Componment" box
      3. Click Search
      4. Under "Actions" click EDIT
      5. Change the "Parameter Value" in the New column and click Blanket Approve
  3. Make sure that you have the necessary permissions to execute a batch job or backdoor as someone who can execute batch.
  4. On the "Administration" tab under "Batch" select "Schedule"
  5. Enter postEncryptionJob in the Job Name box and click Search
  6. Under the Actions column click Modify
  7. Then click Run

 

This job combines riceMaintenancePostEncryptionJob, kfsMaintenancePostEncryptionJob and riceKewPostEncryptionJob