Password migration of Cloud Automation Manager

You can change the database passwords and encryption secrets of Cloud Automation Manager by using a password migration script.

Before you begin

• You must have Cloud Automation Manager 3.1.0.0 or later.
• Backup your databases. For the actual procedure, see Backup/Restore, HA and DR for IBM Cloud Automation Manager. If you are planning to change the mariadb password, backup the mariadb as well.
• Download passwordMigration.sh from gitHub repository.

About the task

If you want to move to a different encryption password or change your bundled mongodb password or mariadb password, use the passwordMigration tool. To change the encryption password, you re-encrypt encrypted data in the database with the new encryption password.

Procedure

Run the following script:

./passwordMigration.sh [ -e ] [ -d ] [ -m ] [ -s ] [ -n ] [ -r ] [ -c ]

Flags to run the password migration: Usage:

• -e = new encryption password for Cloud Automation Manager. The flag changes the encryption password. Backup your mongodb prior to using this).
• -d = new mongodb password for Cloud Automation Manager. The flag changes the bundled mongodb password. Backup your mongodb prior to using this flag. It applies only for bundled mongodb.
• -m = new mariadb password. This flag changes the bundled mariadb password. Backup your mariadb prior to using this flag. It applies only for bundled mariadb.
• -s = name of Cloud Automation Manager secret. The default is cam-secure-values-secret.
• -n = namespace for Cloud Automation Manager. The default is services.
• -r = helm release name for Cloud Automation Manager
• -c = migration loop count to override the default timeout. The count is 300 by default.

Other flags can be left as default unless you changed values, such as cam secret name or namespace Cloud Automation Manager is installed into.

Here is an example usage to change encryption password, bundled mongodb password and bundled mariadb password:

./changePassword.sh -e newencpass -d newmongopass -m newmariapass 2>&1 | tee changePassword.log

When they run the password migration script, it stops Cloud Automation Manager. If Cloud Automation Manager is already running, it restarts Cloud Automation Manager after the script is successful. If password migration fails, you must restore your database(s).