How to Update KeyPassPhrase on Virtual Appliance After Installation?

Hi everyone,

I’m working on testing a new deployment of a Virtual Appliance (VA) cluster for a customer. We already have two VAs in the cluster, and a third one was recently added. However, during the installation of the third VA, a different KeyPassPhrase was mistakenly used.

Now, we have three VAs in the cluster, but the third one has a different KeyPassPhrase compared to the other two.

According to the documentation (:

Does anyone know how we can align the KeyPassPhrase of the third VA with the other two?
Is it possible to update the KeyPassPhrase by modifying the configuration file and restarting the services, or is a complete reinstallation of the third VA required?

Any guidance would be greatly appreciated!

Hi @baoussounda

Reset your VA pair KeyPassPhrase using below command: va-bootstrap reset and

Reconfigure your VA.

Thank You.

Just update the passphrase in your VA config.yaml file, save it.

After saving the file, VA encrypts the passphrase automatically, better restart after the change. We have changed a couple of times, no big deal.

Thanks
Krish

Hi @MVKR7T,

After modifying the configuration file by entering the same KeyPassPhrase in plain text, the VA encrypts it. However, the encrypted value differs from the one used by the other VAs.

Do you have any idea ?

Hi @Sagar_18,

Thanks for your response. what “Reconfigure your VA.” mean ?

Every VA has different apiUser and apiKey, so encrypted result will be different, that is okay. Just check whether your VA is connected to your tenant or not.

Hi @baoussounda

Reconfiguration means once you reset the VA. For setting the new KeyPassPhrase need to execute the command ‘va-bootstrap set-passphrase’ and provide the KeyPassPhrase same as you have given for the other two VA.

Thank you!

1 Like

@MVKR7T Yes, I agree that the apiKey and apiSecret should be different for each Virtual Appliance (VA). However, the keyPassPhrase must be the same.

image

We set the same keyPassPhrase in plain text, but we are getting different encrypted values from our new VA compared to the two older ones, which generate the same encrypted values."

@colin_mckibben may be the new VA use the different salt to encrypted values ?