Update encrypted data using MigrateEncryptedInfo (server online)

When the server is running, you can change the merchant key and update encrypted data with the MigrateEncryptedInfo utility. Use the Key Locator Framework (-k) option to specify the old and new keys and to assign a version number to each key.

Note: To update encrypted data with the MigrateEncryptedInfo utility, the server must be offline. For more information, see Updating encrypted data using MigrateEncryptedInfo (server offline).


Before beginning


Procedure

  1. Back up your database, following the instructions in your database engine documentation.
  2. Prepare the new key files and the key configuration file. Specify a new version for the new key that is different from the version used by the existing current key. Typically, the version is one higher than the version of the current key. Place the key configuration file in the following directory:

  3. Package the changes to the custom XML files (for example, merchantKey_v2.xml, CustomKeys.xml, KeyEncryptionKey.xml, newMerchantKey_v2-1.xml, and newMerchantKey_v2-2.xml).
  4. When all the servers are updated with the new key registered:

    1. Run the MigrateEncryptedInfo utility using the Key Locator Framework (-k) option. Ensure that you are aware of the following considerations when running the utility:

      • If your merchant key is stored in the instance_name.xml file and you want to change the value and store the value in an external file, complete the steps in Example 2.
      • If your merchant key is stored in an external file and you want to change the value, complete the steps in Example 3.
      • If your merchant key is stored in an external file and you want to change the value by using the -interactive parameter and store it to a different file, complete the steps in Example 4.

      The MigrateEncryptedInfo tool generates the following log files:

      • migrateFailedRecords_TABLENAME.log
      • MKChangeUserAndCCInfoMigration.log
      • MigrateEncryptedInfoError.log

      in the following directory:

      Review the information in these log files. Ensure that there are no error messages.
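
One way to script the log review in the last step, so that a key rotation is not declared complete while records are still encrypted under the old key. This is an added example, not part of the product documentation or the utility itself. The function name, the keywords searched for, and the rule that a non-empty error or failed-records log needs review are assumptions; the log directory is whatever your installation uses.

```shell
#!/bin/sh
# Added example: gate on the MigrateEncryptedInfo logs after a run.
# Assumptions (not from the product documentation): a non-empty error
# log or failed-records log means a problem, and the main log marks
# problems with the words "error", "exception" or "severe".
# Usage: check_migration_logs <log directory of your installation>
# Returns 0 = clean, 1 = needs review, 2 = main log not found.

check_migration_logs() {
    log_dir=$1
    status=0

    main_log="$log_dir/MKChangeUserAndCCInfoMigration.log"
    err_log="$log_dir/MigrateEncryptedInfoError.log"

    # A missing main log means the wrong directory was given or the
    # utility never started, so "no errors found" would be misleading.
    if [ ! -f "$main_log" ]; then
        echo "MISSING: $main_log"
        return 2
    fi

    if grep -Eiq 'error|exception|severe' "$main_log"; then
        echo "REVIEW: $main_log"
        grep -Ein 'error|exception|severe' "$main_log" | head -n 5
        status=1
    fi

    if [ -s "$err_log" ]; then
        echo "REVIEW: $err_log is not empty"
        status=1
    fi

    # One failed-records log per table: migrateFailedRecords_TABLENAME.log.
    # If no such file exists the pattern stays literal and is skipped.
    for f in "$log_dir"/migrateFailedRecords_*.log; do
        [ -s "$f" ] || continue
        table=${f##*/migrateFailedRecords_}
        table=${table%.log}
        echo "REVIEW: $(wc -l < "$f") failed record line(s) for table $table"
        status=1
    done

    return $status
}
```

A non-zero result should hold back any step that retires the old key, because rows listed in a failed-records log can only be decrypted with it.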