3.1. Setting the Master Secret

You configure the gateway to persist the master secret, which is saved in the $gateway_home/data/security/master file. Ensure that this directory has the appropriate permissions set for your environment.

To set the master secret, run the following command:

su -l knox -c '$gateway_home/bin/knoxcli.sh create-master'

A warning is displayed indicating that persisting the secret is less secure than providing it at startup. Knox protects the password by encrypting it with AES 128-bit encryption and, where possible, sets the file permissions so that the file is accessible by the knox user only.

Warning

Ensure that the security directory, $gateway_home/data/security, and its contents are readable and writable only by the knox user. This is the most important layer of defense for the master secret. Do not assume that the encryption is sufficient protection.
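One way to check the permissions the warning above calls for, as an added example that is not part of the Knox documentation or tooling: the hypothetical function audit_knox_security_dir lists anything under the security directory that is not owned by the given user or that grants any group or other permission bit. It assumes a POSIX shell and find; the owner defaults to knox.

```shell
#!/bin/sh
# Added example (not Knox tooling). Hypothetical helper name.
# Usage: audit_knox_security_dir DIR [OWNER]
# Returns 0 if DIR and everything under it is owned by OWNER with no
# group/other permission bits, 1 if offenders were found, 2 on error.
audit_knox_security_dir() {
    dir=$1
    owner=${2:-knox}

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # -perm -NNN matches when all bits in NNN are set, so testing each
    # group/other bit separately flags a path if any one of them is set.
    # Symbolic links report mode 0777 on Linux, so they are listed too;
    # review them by hand.
    offenders=$(find "$dir" \( ! -user "$owner" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print) || {
        # find fails if OWNER is unknown or a subdirectory is unreadable;
        # treat that as an error rather than as a clean result.
        echo "find failed; run as root or as $owner" >&2
        return 2
    }

    if [ -n "$offenders" ]; then
        echo "Not restricted to $owner:" >&2
        printf '%s\n' "$offenders" | while IFS= read -r p; do
            ls -ld "$p" >&2
        done
        return 1
    fi
    return 0
}

# When run as a script with arguments, audit the given directory, e.g.
#   sh audit.sh "$gateway_home/data/security" knox
if [ "$#" -gt 0 ]; then
    audit_knox_security_dir "$@"
fi
```

A non-zero result after running create-master means the directory should be tightened before the gateway is started.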

