For security purposes, use the
crsetup.sh script to change the
Cyber Recovery lockbox passphrase and the
Cyber Recovery database and Security Officer (crso) passwords.
Prerequisites
You must provide the lockbox passphrase, which is created during the
Cyber Recovery installation.
Ensure that there are no jobs running before you change the passwords. Otherwise, the
Cyber Recovery vault might go to an unsecured state.
This procedure is disruptive; it shuts down the Docker container services.
About this task
The
Cyber Recovery software uses a lockbox resource to securely store sensitive information, such as credentials for application resources and databases. The lockbox securely manages sensitive information by storing the information in an encrypted format.
Cyber Recovery microservices communicate with the MongoDB database to access policies and other persisted data. The database is password-protected and only accessible by the microservices that run in the
Cyber Recovery environment.
As the Security Officer, use the
Cyber Recovery UI or
Cyber RecoveryCRCLI to change the crso password. However, if you forget the crso password or if there is a change in Security Officer, use the
crsetup.sh script.
Steps
Log in to the management host and go to the
Cyber Recovery installation directory.
Enter the following command:
# ./crsetup.sh --changepassword
Note the cautionary message.
It is highly recommended that you create a
Cyber Recovery DR backup before changing the password.
When prompted, indicate if you want to create a
Cyber Recovery DR backup:
If you type
y, got to the next step.
If you type
n, got step 6.
When prompted, enter the MongoDB password.
The
Cyber Recovery software creates a DR backup.
When prompted, enter
y to continue the procedure.
The script stops the Docker container services.
When prompted, enter the current lockbox passphrase.
If you enter an incorrect passphrase, the procedure exits and restarts the Docker container services.
Optionally, enter and confirm the new lockbox passphrase when prompted.
If you choose not to change the lockbox passphrase, the script then displays the prompt to change the MongoDB password.
Optionally, enter and confirm the new database password when prompted.
If you choose not to change the MongoDB password, the script then ndisplays the prompt to change the crso password.
Optionally, enter and confirm the new crso password when prompted.
Results
The passwords are changed, and the script restarts the Docker container services.
NOTE
If you enter an incorrect password twice at the confirmation prompts, the script makes no changes and restarts the services
If you (as the Security Officer (crso) user) had multifactor authentication enabled, it is disabled when the services start again. Re-enable multifactor authentication.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\