Migrate User Keys
Key Connector provides a utility for migration from one database to another, or from one RSA key pair configuration to another. Before executing this migration, it is highly recommended that you take a backup of the database being used by Key Connector to store encrypted user keys.
advertencia
Schedule a maintenance window in which to execute the procedures in this article; they will require you to stop services which will result in downtime for users of your Bitwarden server.
Key Connector must access a database which stored encrypted user keys for your organization members. Create a new secure database and complete the following steps to migrate user keys to it:
Stop the Key Connector container.
In your
.bwdata/env/key-connector.override.envfile, replace the existingkeyConnectorSettings__database__values with the required values for your new database (learn more).consejo
Copy the old values to somewhere where you can easily access them, as you'll need them in a future step.
Start the Key Connector container to initialize the database. Once it's initialize, stop the Key Connector container again.
In
key-connector.override.env, add the oldkeyConnectorSettings__database__values back in and inserttransferTo__into each of the new values that you added in Step 2.
For example, at this stage a configuration migrating from a local JSON file to using a Microsoft SQL Server would include the following values:BashkeyConnectorSettings__database__provider=json keyConnectorSettings__database__jsonFilePath=/etc/bitwarden/database.json keyConnectorSettings__transferTo__database__provider=sqlserver keyConnectorSettings__transferTo__database__sqlServerConnectionString={Connection_String}Restart your self-hosted Bitwarden installation in order to apply the configuration changes:
Bash./bitwarden.sh restartNow that your user keys are migrated, clean up your
key-connector.override.envfile. Stop the Key Connector container, remove the old values, and removetransferTo__from each of the new values added in Step 2.
Key Connector uses an RSA key pair to protect user keys at rest. To migrate from your existing RSA key pair configuration:
Stop the Key Connector container.
In your
.bwdata/env/key-connector.override.envfile, add the required values for a new RSA configuration (see here) withtransferTo__inserted in each value immediately followingkeyConnectorSettings__.
For example, thekey-connector.override.envfor a configuration migrating from a certificate stored on the filesystem to using AWS Key Management Service (KMS) would include the following values:BashkeyConnectorSettings__rsaKey__provider=certificate keyConnectorSettings__certificate__provider=filesystem keyConnectorSettings__certificate__filesystemPath=/etc/bitwarden/bw-kc.pfx keyConnectorSettings__certificate__filesystemPassword=******** keyConnectorSettings__transferTo__rsaKey__provider=awskms keyConnectorSettings__transferTo__rsaKey__awsAccessKeyId={AccessKey_Id} keyConnectorSettings__transferTo__rsaKey__awsAccessKeySecret={AccessKey_Secret} keyConnectorSettings__transferTo__rsaKey__awsRegion={Region_Name} keyConnectorSettings__transferTo__rsaKey__awsKeyId={Key_Id}Restart your self-hosted Bitwarden installation in order to apply the configuration changes:
Bash./bitwarden.sh restart
Sugerir cambios en esta página
¿Cómo podemos mejorar esta página para usted?
Si tiene preguntas técnicas, sobre facturación o sobre el producto, póngase en contacto con el servicio de asistencia.