For security purposes, Hybrid Data Security uses service account passwords that have a 9-month lifespan. The HDS Setup tool generates these passwords, and you deploy them to each of your HDS nodes as part of the ISO config file. The Setup tool also gives you the ability to reset the passwords.
Reset Hybrid Data Security service account passwords
Use this procedure to update the passwords.
Before you begin
-
The HDS Setup tool runs as a Docker container on a local machine. To access it, Docker must be running on the machine, and you need Control Hub customer admin sign-in credentials for your organization.
-
You need a copy of the current configuration ISO file to generate a new configuration. The ISO file contains the key for encrypting the PostgresDB, which is required any time you make configuration changes, including database credentials, certificate updates, or changes to authorization policy.
-
For more configuration and maintenance information, see the Deployment Guide for Hybrid Data Security at https://www.cisco.com/go/hybrid-data-security.
The docker repository we use for the HDS Setup tool changed to ciscocitg in December 2022 (from ciscosparkhds previously). |
1 | Using Docker on a local machine, run the HDS Setup Tool. |
2 | If you only have one HDS node running, create a new Hybrid Data Security node VM and register it using the new configuration ISO file. For more detailed instructions, see "Create and Register More Nodes" in the "Set up a Hybrid Data Security Cluster" chapter of the Deployment Guide for Hybrid Data Security. |
3 | On an existing HDS node running the older configuration file, do the following substeps: |
4 | Repeat step 3 to replace the configuration on each remaining node that is running the old configuration. |