Updating encrypted data using MigrateEncryptedInfo (server online)

When the server is running, you can change the merchant key and update encrypted data with the MigrateEncryptedInfo utility. Use the Key Locator Framework (-k) option to specify the old and new keys to assign a version number to each key.

Note: To update encrypted data with the MigrateEncryptedInfo utility while the server is offline, see Updating encrypted data using MigrateEncryptedInfo (server offline).

Before you begin

  • The site must use a merchant key that is configured in the Key Locator Framework. That is, a custom key configuration file is already specified in Transaction server Docker container in application_dir/xml/config/wc-server.xml file.
  • OracleFor Oracle databases, set the UNDO table space to a sufficiently large size. From an SQLPlus prompt, enter the following command:
    alter database datafile undotablespace datafile autoextend on
    maxsize unlimited;
    

Procedure

  1. Back up your database, following the instructions in your database engine documentation.
  2. Prepare the new key files and the key configuration file.
    Specify a new version for the new key that is different from the version that is used by the existing current key. Typically, the version is one higher than the version of the current key. Place the key configuration file in the following directory:
    • HCL Commerce Developerworkspace_dir/WC/xml/config
    • (In the Utility server Docker container) application_dir/xml/config
  3. Package the changes to the custom XML files (For example, merchantKey_v2.xml, CustomKeys.xml, KeyEncryptionKey.xml, newMerchantKey_v2-1.xml, and newMerchantKey_v2-2.xml).
  4. When all the servers are updated with the new key registered:
    1. Run the MigrateEncryptedInfo utility using the Keys Locator Framework (-k) option.
      Ensure that you are aware of the following considerations when running the utility:
      • If your merchant key is stored in an external file and you want to change the value, complete the steps in Example 1.
      • If your merchant key is stored in an external file and you want to change the value by using the -interactive parameter and store it to a different file, complete the steps in Example 2.
      The MigrateEncryptedInfo tool generates the following log files:
      • migrateFailedRecords_TABLENAME.log
      • MKChangeUserAndCCInfoMigration.log
      • MigrateEncryptedInfoError.log
      in the following directory:
      • utilities_root/logs

      Review the information in these log files. Ensure that there are no error messages.