Using GSKit
About this task
If your server is using encryption at rest, the data is
encrypted with the information specified with the KeyStore
ol_aws_disk_encryption.p12
, and the encryption password for the key store
is being stashed in a file called ol_aws_disk_encryption.sth
. This stash
technique (.sth
approach) is proprietary to GSKit
.
Note: The
The GSKit utility
allows you to change the KeyStore password by specifying a new password. If you do not know
the KeyStore password prior to migration, use the following steps:OneDB server
does not have GSKit
; ensure you
know the password for the KeyStore when you migrate to OneDB. Note: These steps are
applicable for Informix servers using
GSKit
.Procedure
-
Change the KeyStore password:
gskcapicmd_64 -keydb -changepw -db <keystore> -stashed -new_pw <newpassword>
Example: gsk8capicmd_64 -keydb -changepw -db ol_aws_disk_encryption.p12 -stashed -new_pw TheNewDiskEncryptionPwdxyz
-
Copy the KeyStore to OneDB VM:
scp -i $AWS_RSAKEY_ONEDBVM /home/informix/server/etc/ol_aws_disk_encryption.p12 ubuntu@$PUBLICIP_ONEDBVM:/tmp/.