Modifying the secret key used to secure user credentials used by Topology Manager
Topology Manager stores a number of credentials in its database. To prevent a person with access to the database from being able to access all your environments, these credentials are secured using a secret key. Because the default secret key is hardcoded and can become known, RWS recommends that, before setting up your implementation of Tridion Sites, you replace the default secret key with a custom secret key.
About this task
- For each Content Manager environment, one set of credentials to access the Core Service
- For each Content Delivery, one set of credentials to access the Discovery Service (this user must assume the cm role, and defaults to cmuser)
- Create and use your custom key before doing any decryption or encryption on this file, and before the first server in your implementation comes into use. Otherwise, you will find yourself unable to decrypt data that was encrypted with the default key.
- Be sure to use your custom key across all scaled-out instances of Topology Manager. Otherwise, one Topology Manager instance will be unable to decrypt data encrypted on another instance.