Re-Encrypt Passwords
The new encryption key is used for newly encrypted passwords. However, because existing passwords can also be decrypted using the default method on any system, you must re-encrypt existing passwords. To re-encrypt existing passwords, you must create a new Encrypted Data Synchronization Task in IdentityIQ.
- From the Navigation menu bar, select Intelligence > Tasks.
- From the New Task dropdown list, select Encrypted Data Synchronization Task.
- Enter a name for the new task.
- OPTIONAL: If needed, you can exclude types such as applications, identities, or integration configurations from processing.
- Select Save and Execute to run the task immediately.
After the task has completed, all selected encrypted data is changed. A password encrypted with the default key is prefixed with 1. Items encrypted with the new encryption key are prefixed with 2, or with another number if multiple encryption keys are stored.
For example, when you look up the Administrator's password in the console, the display is similar to the following:
> search identity password where name admin
2:WpTZ2hmNaInTAJzeK9Swcw==
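
To confirm that the task left nothing on the default key, you can check the numeric prefix of each stored value. The following is an added example, not SailPoint code: the `name value` input layout, the two sample rows other than the admin value shown above, and the function names are assumptions made for illustration.

```python
import base64
import binascii
import re

# Value format shown on the page: "<key number>:<base64 ciphertext>".
ENCRYPTED = re.compile(r"^(\d+):([A-Za-z0-9+/]+={0,2})$")
DEFAULT_KEY = 1  # per the page, prefix 1 marks the default key

# Constructed sample input (assumed "name value" layout). Only the admin
# value comes from the page; the other two rows are made up.
SAMPLE = [
    "admin 2:WpTZ2hmNaInTAJzeK9Swcw==",
    "svc_example 1:" + "A" * 22 + "==",
    "legacy_example not-an-encrypted-value",
]


def classify(value):
    """Return (status, key_number) for one stored value."""
    match = ENCRYPTED.match(value.strip())
    if not match:
        return ("unrecognized", None)
    try:
        # Reject strings that merely look like base64 but do not decode.
        base64.b64decode(match.group(2), validate=True)
    except (binascii.Error, ValueError):
        return ("unrecognized", None)
    key = int(match.group(1))
    return ("default" if key == DEFAULT_KEY else "custom", key)


def audit(lines):
    """Group names by status so leftovers on the default key stand out."""
    report = {"default": [], "custom": [], "unrecognized": []}
    for line in lines:
        if not line.strip():
            continue
        name, _, value = line.strip().partition(" ")
        status, _key = classify(value)
        report[status].append(name)
    return report


if __name__ == "__main__":
    for status, names in audit(SAMPLE).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Names reported under `default` are still encrypted with the default key, for example because their type was excluded from the task.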