Recycling Encryption Keys
Encryption Keys that are externalized in a file can be recycled with the -recycleEncryptionKey <newKeyFilePath> command.
You can define a site-specific Encryption Key to encrypt the data. Put the new Encryption Key in a file and give the Connector Gateway read access to that file (and no other account write access to it). The Encryption Key must be exactly 16, 24, or 32 bytes long. For more information on the Encryption Key, refer to Configure TLS Between SailPoint and the Connector Gateway.
The -recycleEncryptionKey command re-encrypts and updates the values of the following attributes in the init.xml file, for each attribute that is already defined there. For more information on the init.xml file, refer to Example init.xml File.
- keypass
- keystorepass
- agentcertsubject
- truststorepasswordpe2tlsauth
- pe2certsubject
- keypasscgtlsauth
- keystorepasscgtlsauth
- trustStorePassword
- encryptionKeyFile
Important
When you upgrade to a new Connector Gateway version, copy the values from your old init.xml file into the new version's init.xml file, because the values listed above are tied to the key currently in use.
Caution
Because the -recycleEncryptionKey command rewrites init.xml, SailPoint strongly recommends that you create a backup of the init.xml file before running the command. Keep the previous key file as well until you have confirmed that the Connector Gateway starts and connects with the new key.
Recycle the Default Encryption Key
You must recycle your Default Encryption Key if your Connector Gateway version is older than ConnectorGateway-Jun-2025. The Default Encryption Key used in prior versions does not work with ConnectorGateway-Jun-2025 and later releases.
Use the following command to recycle it:
java -jar ConnectorGateway.jar -recycleEncryptionKey <new_key_file> default
In the command, <new_key_file> is the full path of the file that contains the new encryption key, and the trailing default argument tells the command to replace the Default Encryption Key.
Recycle a Custom Encryption Key
To recycle existing custom keys, use the following command:
java -jar ConnectorGateway.jar -recycleEncryptionKey <new_key_file>
In the command, <new_key_file> is the full path of the file that contains the new encryption key. Unlike the Default Encryption Key command, no trailing argument is given.
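The following script is an added example and is not part of SailPoint's documentation or tooling. It ties the steps above together: it generates a key file of a valid length (16, 24, or 32 bytes, as required above) with owner-only permissions and no trailing newline, checks the byte count before anything is changed, takes a timestamped backup of init.xml, and only then runs the -recycleEncryptionKey command from this page, with or without the default argument. The script assumes ConnectorGateway.jar is in the current directory, that the key file holds the raw key bytes, that it is run as the account the Connector Gateway runs under, and the absolute-path check and backup naming are the script's own conventions, not SailPoint's.

```shell
#!/bin/sh
# Added example (not SailPoint's code): prepare a key file, verify it, back up
# init.xml, then recycle the Connector Gateway encryption key.
# Assumptions: ConnectorGateway.jar is in the working directory, the key file
# holds the raw key bytes, and this runs as the Connector Gateway user.
set -eu

# Write NBYTES random printable ASCII characters to FILE with no trailing
# newline. The file is created under umask 077 and left at mode 0400 so only
# the owner (the Connector Gateway account) can read it.
make_key_file() {
    file=$1
    nbytes=$2
    ( umask 077; LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$nbytes" >"$file" )
    chmod 0400 "$file"
}

# Succeed only if FILE is exactly 16, 24 or 32 bytes (AES-128/192/256 key
# sizes). A trailing newline added by a text editor is the usual cause of a
# 17-, 25- or 33-byte file, so the error message calls that out.
check_key_length() {
    n=$(wc -c <"$1" | tr -d ' ')
    case "$n" in
        16|24|32) return 0 ;;
        *) echo "$1: $n bytes; expected 16, 24 or 32 (trailing newline?)" >&2; return 1 ;;
    esac
}

# Copy init.xml to a timestamped backup next to it, preserving mode and
# ownership, and print the backup path.
backup_init_xml() {
    init=$1
    backup="$init.$(date +%Y%m%d%H%M%S).bak"
    cp -p "$init" "$backup"
    echo "$backup"
}

# Run the recycle command from the documentation. MODE is "custom" (the
# default here) or "default"; the latter appends the trailing "default"
# argument used for the Default Encryption Key. The page asks for the full
# file path, so a relative path is rejected before java is invoked.
recycle_key() {
    key_file=$1
    mode=${2-custom}
    case "$key_file" in
        /*) ;;
        *) echo "key file path must be absolute: $key_file" >&2; return 1 ;;
    esac
    if [ "$mode" = default ]; then
        java -jar ConnectorGateway.jar -recycleEncryptionKey "$key_file" default
    else
        java -jar ConnectorGateway.jar -recycleEncryptionKey "$key_file"
    fi
}

# Usage: sh recycle_key.sh /full/path/new.key /path/to/init.xml [custom|default]
main() {
    key_file=$1
    init_xml=$2
    mode=${3-custom}
    make_key_file "$key_file" 32
    check_key_length "$key_file"
    echo "init.xml backed up to $(backup_init_xml "$init_xml")"
    recycle_key "$key_file" "$mode"
}

[ $# -eq 0 ] || main "$@"
```

The length check runs before the backup and the recycle command so that a malformed key file never reaches init.xml; if the gateway fails to start after the change, restore the timestamped backup and the previous key file together, since the attributes listed above are encrypted under whichever key init.xml currently points to.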