hsm changePw

Change the password or PED key contents for the HSM SO. Both the old and the new PED key are required for multifactor quorum-authenticated HSMs.

From time to time, it might be necessary to change the secret associated with a role on an HSM appliance, a role on an HSM or a partition of an HSM, or a cloning domain secret. Reasons for changing credentials include:

>Regular credential rotation as part of your organization's security policy

>Compromise of a role or secret due to loss or theft of a PED key

>Personnel changes in your organization or changes to individual security clearances

>Changes to your security scheme (implementing/revoking M of N, PINs, or shared secrets)

User Privileges

Users with the following privileges can perform this command:

>Admin

Syntax

hsm changePw [-oldpw <password> -newpw <password>]

Argument(s)

-newpw <password> (shortcut: -n)

Specifies the new password that is used as the HSM SO's login credential to the HSM. If the new password is not provided on the command line, you are interactively prompted for the new password, and for confirmation of the new password.

In LunaSH, HSM role passwords must be 8-255 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*()-_=+[]{}/:',.~

The following characters are invalid or problematic and must not be used in passwords: "&;<>\`|

Spaces are allowed; to specify a password with spaces, enclose the password in double quotation marks.

-oldpw <password> (shortcut: -o)

Specifies the current password for the HSM SO. If the current password is not provided on the command line, the user is interactively prompted for the current password.
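
The length and character rules above can be checked before a rotation, so a password that breaks them is caught before it is entered in LunaSH. The following Python is an added example, not Thales code or part of the original page; the function names and the choice to leave spaces out of generated passwords are assumptions of the example.

```python
import secrets
import string

# Character rules as listed on this page for LunaSH HSM role passwords.
ALLOWED = set(string.ascii_letters + string.digits + " !@#$%^*()-_=+[]{}/:',.~")
FORBIDDEN = set('"&;<>\\`|')
MIN_LEN, MAX_LEN = 8, 255


def check_password(pw):
    """Return a list of problems; an empty list means the password fits the rules."""
    problems = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        problems.append(f"length {len(pw)} is outside {MIN_LEN}-{MAX_LEN}")
    bad = sorted(set(pw) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    # Anything on neither list (for example non-ASCII) is treated as not allowed.
    other = sorted(set(pw) - ALLOWED - FORBIDDEN)
    if other:
        problems.append("characters not in the allowed list: " + " ".join(repr(c) for c in other))
    return problems


def needs_quoting(pw):
    """Passwords containing spaces must be enclosed in double quotation marks."""
    return " " in pw


def generate_password(length=24):
    """Draw a password from the allowed set with a CSPRNG.

    Assumption of this example: spaces are left out so the result never needs quoting.
    """
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}-{MAX_LEN}")
    alphabet = sorted(ALLOWED - {" "})
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ["short", "rotate|me;2024", "new pass phrase 01", "café-secret-1"]:
        print(repr(sample), check_password(sample) or "ok", "quote" if needs_quoting(sample) else "")
    print(check_password(generate_password()))
```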

Example

lunash:>hsm changePw

Please enter the HSM Administrators' current password:
> ********

Please enter a new password for the HSM Administrator:
> ********

Please re-enter password to confirm:
> ********

'hsm changePw' successful.

Command Result : 0 (Success)