Masterkey rotation

Hi,

We are looking for ways to rotate our Masterkey and haven’t found much information regarding if that is possible. How would we go about changing the Masterkey or rotating it on a schedule?

Another question is have you enabled the ability to manage our Octopus DB username / password using AWS Secrets Manager?

Hi @swalsh1,

Thanks for reaching out, and welcome to the Octopus Forums.

The master key is what’s used to decrypt your sensitive values. There is no way to change your master key without also losing your sensitive values inside of Octopus.

I’m sorry I don’t have better news for you.

Please let me know if you have any other questions or concerns.

Best,
Jeremy

So if we choose to move the database at any point after creation we need to reuse the masterkey?

Hi @swalsh1,

Yes, that’s correct. You need it whenever you connect an Octopus instance to an already existing Octopus database.

Please let me know if you have any other questions or concerns.

Best,
Jeremy

Ok. Last question I think for now heh, if we clone or move the database do we need to reuse the username / password? Are we able to update the database username / password?

Hi @swalsh1,

Just to clarify, are you referring to the Octopus Portal username/password, or the sql server authentication for the connection string?

If you are referring to the former, you can either use the current credentials, or create a new set using Octopus.Server.exe commands shown in our documentation here: Octopus.Server.exe command line - Octopus Deploy

If you are referring to sql server auth, you will need to use any auth you have available to you that is a db_owner for the backup.

Please let me know if that answered your question.

Best,
Jeremy

That answered my question thanks!

1 Like