Change the Token for Encrypting the Credentials

---

If you keep the standard installation, MongoDB is used as credential store. For security reasons, change the pre-configured token used for encrypting the credentials. The token may be any string.

Hint - how to change the configuration

In the instructions below, SEAL Operator CLI is used for changing the configuration. You can also use the Consul Web interface.

Caution - possible data loss

If you execute this step on a running system, you need to backup the MongoDB beforehand and restore the data afterwards. Otherwise data loss will happen!

1. Export the complete configuration of SEAL Operator from Consul to a YAML file with the following command. So you're making sure the current configuration settings are being used.

   operator config export <filename>.yml --insecure
   

2. Edit the exported file <filename>.yml.

3. In the env section, specify the new token in the key MONGO_TOKEN:

   env:
     service:
       ...
       operator-server:
         tag:
           any:
             MONGO_TOKEN: 'new_secure_token'
       ...
   

4. Save the file.

5. Re-import it to Consul.

   operator config import <filename>.yml --insecure
   

6. Stop all SEAL Operator services.

   operator service stop
   

7. Delete the complete data directory of MongoDB.

   rm -r /opt/seal/data/seal-mongodb
   

8. Restart the service seal-mongodb.

   operator service start seal-mongodb
   

9. Restart the complete SEAL Operator System.

   operator service start
   

---