Previous Topic: DBUtil: AuthMinder Database ToolNext Topic: Updating the Master Key

CA AuthMinder Administration GuideTools for System AdministratorsDBUtil: AuthMinder Database ToolUsing DBUtil Options

Using DBUtil Options

The following table lists the options for DBUtil. In this table, key-value pair refers to either DSN, password, or database user name/password pair. The DSN/password is used by AuthMinder Server, while user name/password is used by Administration Console and User Data Service.

Option

Description

-h

Displays the Help for the tool.

Syntax:

dbutil -h

-init

Creates a new securestore.enc with the new master key that you specify, as discussed in "Updating the Master Key".

Syntax:

dbutil -init key

For example:

dbutil -init MasterKeyNew

dbutil -init WebFortDatabaseMKNew

Important! This command succeeds only if there is no securestore.enc in the conf directory.

-pi

Inserts an additional key-value pair into securestore.enc, as discussed in "Updating the Master Key".

Syntax:

dbutil -pi <key> <value> [-h HSMPin [-d HSMModule]]

-h HSMPin is required if securestore.enc is protected by HSM cryptography.

-d HSMModule is optional when -h is present. It defaults to "nfast"
(NCipher).

For example:

dbutil -pi WebFortBackupDSN dbapassword

dbutil -pi Jack userpassword

dbutil -pi Jack userpassword -h hsmpassword -d chrysalis

Important! Each key can only have one value. If you have already inserted a key-value pair, then you cannot insert another value for the same key.

-pu

Updates the value for an existing key-value pair in securestore.enc. This feature can be used when you need to update the database password.

Syntax:

dbutil -pu <key> <value> [-h HSMPin [-d HSMModule]]

For example:

dbutil -pu WebFortDatabaseDSN newPassword

dbutil -pu Jack userPassword

dbutil -pu Jack userpassword -h hsmpassword -d chrysalis

-pd

Deletes the specified key-value pair from securestore.enc.

Syntax:

dbutil -pd <key> [-h HSMPin [-d HSMModule]]

For example:

dbutil -pd WebFortDatabaseDSNOld

dbutil -pd Jack

-i

Inserts the specified primary name-value pair in the securestore.enc file, if hardware-based encryption is used to secure the data in this file. This is used during server startup to provide HSM initialization information.

Syntax:

dbutil -i <primeKey> <HSMPin>
where primeKey is the name of the HSM module

For example:

dbutil -i chrysalis pin

-u

Updates the specified primary name-value pair in the securestore.enc file, if hardware-based encryption is used to secure the data in this file.

Syntax:

dbutil -u <primeKey> <HSMPin>
where primeKey is the name of the HSM module

For example:

dbutil -u chrysalis newHSMpin

-d

Deletes the specified primary name-value pair, if hardware-based encryption is used to secure the data in this file.

Syntax:

dbutil -d <primeKey>

where primeKey is the name of the HSM module

For example:

dbutil -d chrysalis