Updating encrypted data using MigrateEncryptedInfo (server online)

When the server is running, you can change the merchant key and update encrypted data with the MigrateEncryptedInfo utility. Use the Key Locator Framework (-k) option to specify the old and new keys to assign a version number to each key.

Note: To update encrypted data with the MigrateEncryptedInfo utility while the server is offline, see Updating encrypted data using MigrateEncryptedInfo (server offline).

Before you begin

The site must use a merchant key that is configured in the Key Locator Framework. That is, a custom key configuration file is already specified in Transaction server Docker container in application_dir/xml/config/wc-server.xml file.
For Oracle databases, set the UNDO table space to a sufficiently large size. From an SQLPlus prompt, enter the following command:
```
alter database datafile undotablespace datafile autoextend on
maxsize unlimited;
```

Procedure

Back up your database, following the instructions in your database engine documentation.
Prepare the new key files and the key configuration file.
Specify a new version for the new key that is different from the version that is used by the existing current key. Typically, the version is one higher than the version of the current key. Place the key configuration file in the following directory:
- workspace_dir/WC/xml/config
- (In the Utility server Docker container) application_dir/xml/config
Package the changes to the custom XML files (For example, merchantKey_v2.xml, CustomKeys.xml, KeyEncryptionKey.xml, newMerchantKey_v2-1.xml, and newMerchantKey_v2-2.xml).
When all the servers are updated with the new key registered:
1. Run the MigrateEncryptedInfo utility using the Keys Locator Framework (-k) option.
  Ensure that you are aware of the following considerations when running the utility:
  - If your merchant key is stored in an external file and you want to change the value, complete the steps in Changing the merchant key value in an external file.
  - If your merchant key is stored in an external file and you want to change the value by using the -interactive parameter and store it to a different file, complete the steps in ../refs/rsemigrateencryptinfo.html#rsemigrateencryptinfo__Example2.
  The MigrateEncryptedInfo tool generates the following log files:
  - migrateFailedRecords_TABLENAME.log
  - MKChangeUserAndCCInfoMigration.log
  - MigrateEncryptedInfoError.log
  in the following directory:
  - utilities_root/logs
  Review the information in these log files. Ensure that there are no error messages.