...
Note | ||
---|---|---|
| ||
For local password storage, you will need to sure that the encryption key is "in sync" across your replicated instances. The way ProVision/ACP works is that when we have to store a password to an external system we encrypt it in our database, then store the encryption key outside the database on the file system. This way if there is a database compromise, access credentials are unusable. The encryption key is stored in a file described in the "secure_dir" parameter in the ProVision/ACP config.php file. It is typically: 'secure_dir' => '/var/www/secure/' The file will be named "[your-database].keyFile". If you have installations in master-master configuration, and one or more of the keyFiles is out of sync with the rest of the cluster, that out-of-sync node will be encrypting passwords that the other nodes cannot decrypt. The solution for this is to just pick a keyFile and replicate it across all the nodes. If a keyFile is lost it means that no stored passwords will be able to be decrypted. This can be fixed by just re-entering the passwords. After copying the KeyFile, please ensure that you check permissions on the file. |