chore(docs/admin): update encryption.md #9660

Merged
johnstcn merged 1 commit into main from cj/dbcrypt-docs-fix
Sep 13, 2023
16 changes: 12 additions & 4 deletions docs/admin/encryption.md
Expand Up@@ -87,7 +87,7 @@ if you need to rotate keys, you can perform the following procedure:
1. Generate a new encryption key following the same procedure as above.

1. Add the above key to the list of
[external token encryption keys](../cli/server.md#external-token-encryption-keys).
[external token encryption keys](../cli/server.md#--external-token-encryption-keys).
**The new key must appear first in the list**. For example, in the Kubernetes
secret created above:
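
Review bot: the anchor in the "Add the above key" step is written out by hand, and the same `#external-token-encryption-keys` to `#--external-token-encryption-keys` correction recurs in the disable and delete procedures further down this file. Defining the target once as a reference-style link at the bottom of encryption.md and using it at all three sites would leave a single place to update if the heading in ../cli/server.md changes again.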

Expand DownExpand Up@@ -127,14 +127,19 @@ To disable encryption, perform the following actions:
1. Ensure you have a valid backup of your database. **Do not skip this step.**

1. Stop all active coderd instances. This will prevent new encrypted data from
being written.
being written, which may cause the next step to fail.

1. Run [`coder server dbcrypt decrypt`](../cli/server_dbcrypt_decrypt.md). This
command will decrypt all encrypted user tokens and revoke all active
encryption keys.

> Note: for `decrypt` command, the equivalent environment variable for
> `--keys` is `CODER_EXTERNAL_TOKEN_ENCRYPTION_DECRYPT_KEYS` and not
> `CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS`. This is explicitly named
> differently to help prevent accidentally decrypting data.

1. Remove all
[external token encryption keys](../cli/server.md#external-token-encryption-keys)
[external token encryption keys](../cli/server.md#--external-token-encryption-keys)
from Coder's configuration.

1. Start coderd. You can now safely delete the encryption keys from your secret
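
Review bot: in the "Stop all active coderd instances" step, the added clause "which may cause the next step to fail" attaches grammatically to preventing the writes rather than to the writes themselves, so the sentence can be read as saying that stopping coderd causes the failure. Suggest splitting it, for example: "Stop all active coderd instances. New encrypted data written while decryption is running may cause the next step to fail." The new note is also missing an article ("for the `decrypt` command"), and since it is a blockquote placed between numbered steps, check that it is indented under its step so the list numbering continues.
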
Expand All@@ -156,7 +161,7 @@ To delete all encrypted data from your database, perform the following actions:
encryption keys.

1. Remove all
[external token encryption keys](../cli/server.md#external-token-encryption-keys)
[external token encryption keys](../cli/server.md#--external-token-encryption-keys)
from Coder's configuration.

1. Start coderd. You can now safely delete the encryption keys from your secret
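
Review bot: should the delete procedure carry the same kind of environment-variable note that the disable procedure gets for `decrypt`? Only the anchor changes in this hunk; if the command used in this procedure also takes `--keys`, name the environment variable it reads here, so a reader who jumps straight to this section does not assume `CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS`.
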
Expand All@@ -171,3 +176,6 @@ To delete all encrypted data from your database, perform the following actions:
that is no longer active, it will refuse to start. If you are seeing this
behaviour, ensure that the encryption keys provided are correct and that you
have not revoked any keys that are still in use.
- Decryption may fail if newly encrypted data is written while decryption is in
progress. If this happens, ensure that all active coder instances are stopped,
and retry.
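
Review bot: the new troubleshooting bullet says "coder instances" where the disable procedure says "coderd instances"; use `coderd` in both so it is clear which process has to be stopped. The bullet also tells the reader to retry without saying whether a failed run can leave some tokens decrypted and others still encrypted; one sentence confirming that a retry is safe in that state, or pointing back to the backup step, would close the gap.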
