Post refresh re-encryption
Encrypted data cannot be decrypted with the non-production encryption key the post refresh process first decrypts the data and then encrypts, and updates the effected rows with the non-production encryption key.
Step-by-step guide
- Log into a non-production KFS instance.
- ENCRYPTION_FROM_DATE and ENCRYPTION_TO_DATE parameters. These parameters determine the date ranges of the documents that will be 're-encrypted'.
- If the parameters are not set the date range defaults to 120 days ago to the present date.
- To change the parameters Click the Parameters link under Configuration in the "Administration" tab
- Enter ENCRYPTION_FROM_DATE or ENCRYPTION_TO_DATE in the "Parameter Name" box
- Enter PostEncryptionStep in the "Componment" box
- Click Search
- Under "Actions" click EDIT
- Change the "Parameter Value" in the New column and click Blanket Approve
- Make sure that you have the necessary permissions to execute a batch job or backdoor as someone who can execute batch.
- On the "Administration" tab under "Batch" select "Schedule"
- Enter postEncryptionJob in the Job Name box and click Search
- Under the Actions column click Modify
- Then click Run
This job combines riceMaintenancePostEncryptionJob, kfsMaintenancePostEncryptionJob and riceKewPostEncryptionJob
Related articles