Bug 1247817 - [DOC] Workaround for changing vault password
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: doc-Linux_Domain_Identity_Management_Guide
Version: 7.2
Assigned To: Aneta Šteflová Petrová
Namita Soman
Keywords: Documentation, EasyFix
Depends On: 1249091
Reported: 2015-07-28 21:13 EDT by Endi Sukma Dewata
Modified: 2017-05-15 17:55 EDT
Type: Bug

Description Endi Sukma Dewata 2015-07-28 21:13:52 EDT
Currently changing the password of a symmetric vault or the keys of an asymmetric vault has to be done manually. See http://www.freeipa.org/page/V4/Password_Vault_1.0#Changing_vault_password.2Fkeys.

To change the password of a symmetric vault:
1. Retrieve the secret from the vault:
   ipa vault-retrieve SymmetricVault --out secret.txt

2. Remove the vault:
   ipa vault-del SymmetricVault

3. Create a new symmetric vault with a new password:
   ipa vault-add SymmetricVault --type symmetric

4. Re-archive the secret into the new vault:
   ipa vault-archive SymmetricVault --in secret.txt

5. Delete the temporary file:
   rm secret.txt

To change the keys of an asymmetric vault:
1. Retrieve the secret from the vault:
   ipa vault-retrieve AsymmetricVault --out secret.txt --private-key-file private.pem

2. Remove the vault:
   ipa vault-del AsymmetricVault

3. Create a new asymmetric vault with new keys:
   ipa vault-add AsymmetricVault --type asymmetric --public-key-file public.pem

4. Re-archive the secret into the new vault:
   ipa vault-archive AsymmetricVault --in secret.txt

5. Delete the temporary file:
   rm secret.txt
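
The two procedures above, wrapped as one guarded shell function. This is an added example, not part of the original report or of FreeIPA: only the `ipa` commands and flags come from the description, while the name `rotate_vault`, the use of `/dev/shm`, and the rule of keeping the plaintext when a step fails after `vault-del` are assumptions of this example.

```shell
#!/bin/sh
# Added example: the five-step workaround with guards around the plaintext copy.
# Source this file, then:
#   rotate_vault NAME symmetric
#   rotate_vault NAME asymmetric OLD_PRIVATE.pem NEW_PUBLIC.pem
rotate_vault() (
    name=${1:?vault name required}
    type=${2:?vault type required}
    old_key= new_key=
    if [ "$type" = asymmetric ]; then
        old_key=${3:?old private key file required}
        new_key=${4:?new public key file required}
    elif [ "$type" != symmetric ]; then
        echo "unsupported vault type: $type" >&2; exit 2
    fi

    umask 077                                   # plaintext copy is owner-only
    base=/dev/shm                               # RAM-backed where available
    [ -d "$base" ] && [ -w "$base" ] || base=${TMPDIR:-/tmp}
    work=$(mktemp -d "$base/vault-rotate.XXXXXX") || exit 1
    secret=$work/secret
    keep=0
    # Remove the plaintext on exit, unless it is the only remaining copy.
    trap 'if [ "$keep" = 1 ]; then echo "secret kept in $secret" >&2;
          else rm -rf "$work"; fi' EXIT

    # Step 1: retrieve; refuse to continue on failure or an empty result.
    ipa vault-retrieve "$name" --out "$secret" \
        ${old_key:+--private-key-file "$old_key"} || exit 1
    [ -s "$secret" ] || { echo "nothing retrieved; vault untouched" >&2; exit 1; }

    # Step 2: from here until step 4 succeeds, $secret is the only copy.
    ipa vault-del "$name" || exit 1
    keep=1
    # Step 3: create the vault with the new password or the new public key.
    ipa vault-add "$name" --type "$type" \
        ${new_key:+--public-key-file "$new_key"} || exit 1
    # Step 4: re-archive, then let the exit trap perform step 5.
    ipa vault-archive "$name" --in "$secret" || exit 1
    keep=0
)
```

If `vault-add` or `vault-archive` fails, the function exits non-zero and prints where the retained plaintext is, so the remaining steps can be completed by hand before deleting it.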
Comment 1 Aneta Šteflová Petrová 2017-02-21 10:17:53 EST
Comment#0 explains the procedures very nicely. To resolve this request, we could add the procedures to chapter "Storing Authentication Secrets with Vaults".
