Previous Topic: DBUtil: RiskMinder Database ToolNext Topic: Updating the Master Key

CA RiskMinder Administration GuideTools for System AdministratorsDBUtil: RiskMinder Database ToolUsing DBUtil Options

Using DBUtil Options

The following table lists the options for dbutil. In this table, key-value pair refers to either DSN, password, or database username/password pair. The DSN/password is used by RiskMinder Server, while user name/password is used by Administration Console and User Data Service.

Important! Because the master key is used for encrypting sensitive information, for security reasons, the DBUtil tool does not provide any options to view the key value.

Option

Description

-h

Displays the Help for the tool.

Syntax:

dbutil -h

-init

Creates a new securestore.enc with the new master key that you specify, as discussed in "Updating the Master Key".

Syntax:

dbutil -init key

 

For example:

dbutil -init MasterKeyNew

dbutil -init RiskFortDatabaseMKNew

 

Important! This command succeeds only if there is no securestore.enc in the conf directory.

-pi

Inserts an additional key-value pair into securestore.enc.

Syntax:

dbutil -pi <key> <value> [-h HSMPin [-d HSMModule]]

 

-h HSMPin is required if securestore.enc is protected by HSM cryptography.

-d HSMModule is optional when -h is present. It defaults to "nfast"
(NCipher).

For example:

dbutil -pi RiskFortBackupDSN dbapassword

dbutil -pi Jack userpassword

dbutil -pi Jack userpassword -h hsmpassword -d chrysalis

 

Important! Each key can have only one value. If you have already inserted a key-value pair, then you cannot insert another value for the same key.

-pu

Updates the value for an existing key-value pair in securestore.enc. This feature can be used when you need to update the database password.

Syntax:

dbutil -pu <key> <value> [-h HSMPin [-d HSMModule]]

 

For example:

dbutil -pu RiskFortDatabaseDSN newPassword

dbutil -pu Jack userPassword

dbutil -pu Jack userpassword -h hsmpassword -d chrysalis

-pd

Deletes the specified key-value pair from securestore.enc.

Syntax:

dbutil -pd <key> [-h HSMPin [-d HSMModule]]

For example:

dbutil -pd RiskFortDatabaseDSNOld

dbutil -pd Jack

-i

Inserts the specified primary name-value pair in securestore.enc, if hardware-based encryption is used to secure the data in this file. This is used during server startup to provide HSM initialization information.

Syntax:

dbutil -i <primeKey> <HSMPin>

where primeKey is the name of the HSM module.

 

For example:

dbutil -i chrysalis hsmpassword

-u

Updates the specified primary name-value pair in securestore.enc, if hardware-based encryption is used to secure the data in this file.

Syntax:

dbutil -u <primeKey> <HSMPin>

where primeKey is the name of the HSM module.

For example:

dbutil -u chrysalis newhsmpassword

-d

Deletes the specified primary name-value pair from securestore.enc, if hardware-based encryption is used to secure the data in this file.

Syntax:

dbutil -d <primeKey>

where primeKey is the name of the HSM module.

For example:

dbutil -d chrysalis