2 min read Key Store

Do It Right. Migrate Your Secrets And Configs To A New Key Store

Do It Right. Migrate Your Secrets And Configs To A New Key Store
"A secret remains a secret until you make someone promise never to reveal it." –Fausto Cercignani

In the ever-evolving landscape of data security, the significance of migrating secrets and configurations from one key store to another cannot be overstated. As organizations navigate the complexities of modern infrastructure, ensuring a seamless transition for sensitive information becomes paramount. A well-executed migration process is not merely a technical necessity but a strategic imperative. This blog explores the crucial importance of migrating with precision, delving into the potential pitfalls of overlooking this critical aspect of data management, and offering insights into best practices for a secure and successful transition.

If you decided to migrate your secrets and configurations from one key store to another, I guess you are past the research process and you got compatibility and performance out of the way. If not, checking these properties is a must before you go on.

Note:
Consider a key store that differentiates between non-sensitive and sensitive data.
Modern key stores offer secret encryption at rest, rule base access and are considered more secure.

Key store migrating cheat sheet

  1. Make sure all the entries you need are present in the new store.
  2. Most of the time we will render properties during the deployment pipeline (Jenkins, TeamCity, etc). Create a new step in the pipeline and render a new file with the new renderer.
  3. If you have multiple environments, you should start your tests with the least important environment (eg Stage). Save the output of both files and text-compare them to make sure the files are exactly the same.
  4. Once done testing in one environment continue to the next one, compare the output files again, and continue to the next environment.
  5. Even if all looks good, keep the old process at hand for a while, it might come in handy in case you'll need to roll back your changes. Create automated tests and execute manual tests to make sure migration worked as expected.
  6. Do not forget to communicate the changes and explain to the R&D team how your changes affect their day-to-day work.

Published by:

Matan Parker