Skip to content

Change the Token for Encrypting the Credentials


If you keep the standard installation, MongoDB is used as credential store. For security reasons, change the pre-configured token used for encrypting the credentials. The token may be any string.

Hint - how to change the configuration

In the instructions below, SEAL Operator CLI is used for changing the configuration. You can also use the Consul Web interface.

Caution - possible data loss

If you execute this step on a running system, you need to backup the MongoDB beforehand and restore the data afterwards. Otherwise data loss will happen!

  1. Export the complete configuration of SEAL Operator from Consul to a YAML file with the following command. So you're making sure the current configuration settings are being used.

    operator config export <filename>.yml --insecure
    
  2. Edit the exported file <filename>.yml.

  3. In the env section, specify the new token in the key MONGO_TOKEN:

    env:
      service:
        ...
        operator-server:
          tag:
            any:
              MONGO_TOKEN: 'new_secure_token'
        ...
    
  4. Save the file.

  5. Re-import it to Consul.

    operator config import <filename>.yml --insecure
    
  6. Stop all SEAL Operator services.

    operator service stop
    
  7. Delete the complete data directory of MongoDB.

    rm -r /opt/seal/data/seal-mongodb
    
  8. Restart the service seal-mongodb.

    operator service start seal-mongodb
    
  9. Restart the complete SEAL Operator System.

    operator service start
    

Back to top