Tenant Migration Utility
The Tenant Migration Utility is provided with the SafeNet IDPrime Virtual solution. This is a command-line utility used to migrate existing 2048-bit key tenants to 4096-bit key tenants.
During the tenant migration, the following operations are performed:
- Generation of New Keys: New 4K asymmetric key pairs (Tenant Exchange Key and Tenant Sign Scope Key) are generated within the HSM.
- Re-signing Database Records: The signatures for all rows in the tables, Tenant, Token, Key, ApiKey, and DeriveCredentialIssuance are regenerated using the new 4K Sign Scope Key and then updated in the database.
- ClientConfig Update: The modulus and exponent of the new 4K Tenant Exchange Key are updated in ClientConfig.
- Tenant Version Update: The tenant version is upgraded to 2.
Note
- No server or container restart is required. It is updated automatically upon the completion of tenant migration.
- If the migration process fails due to an error, it can be re-run and will resume from the last execution point.
Caution
It is highly recommended to set the correct value of ServerPublicUrl in the appsettings.yaml file as this URL is used by the Migration tool. The ServerPublicUrl will be your IDPV server URL.
Running the Tenant Migration Utility
Perform the following steps to run the Tenant Migration Utility:
- Open the terminal and run the following command to access the docker container:
  - Docker:
    docker exec -it <idprime-virtual-server-container-name> sh
- Run the following command inside the container to execute the tenant migration process:
    migrate_tenants <comma-separated-tenant-IDs>
  For example,
    migrate_tenants 8b6ad028-3266-4718-88f3-11ace3b90d78, 8c6ad028-3266-4718-88f3-11ace3b90d70
The migration process runs sequentially, managing one tenant at a time. The output screenshot below shows:
- The migration progress of each tenant during the process.
- The total execution time upon completion of the migration activity.
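A pre-flight check for the tenant list passed to migrate_tenants, as an added example that is not part of the product's documentation or tooling. It assumes tenant IDs are UUIDs in the 8-4-4-4-12 form used in the example above; the function names normalize_tenant_ids and migrate_command are hypothetical, and the list is emitted without whitespace so that it stays a single shell argument (whether the utility also accepts a space after a comma is not assumed).

```shell
#!/bin/sh
# Added example: validate tenant IDs before starting a key migration.
# Assumption: tenant IDs are 8-4-4-4-12 hex UUIDs, as in the page's example.

# normalize_tenant_ids ID[,ID...] [ID ...]
# Accepts IDs separated by commas and/or whitespace, lowercases them,
# rejects any malformed ID, drops duplicates (first occurrence wins) and
# prints one comma-joined list. Exit status 1 on any error.
# The body is a subshell so that "set -f" (no globbing) stays local.
normalize_tenant_ids() (
    set -f
    uuid_re='^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
    out=""
    for id in $(printf '%s\n' "$*" | tr ',' ' '); do
        id=$(printf '%s' "$id" | tr 'A-F' 'a-f')
        if ! printf '%s\n' "$id" | grep -Eq "$uuid_re"; then
            echo "invalid tenant ID: $id" >&2
            exit 1
        fi
        case ",$out," in
            *",$id,"*) ;;                      # duplicate, already listed
            *) out="${out:+$out,}$id" ;;
        esac
    done
    [ -n "$out" ] || { echo "no tenant IDs given" >&2; exit 1; }
    printf '%s\n' "$out"
)

# migrate_command ID...
# Prints the command line to run inside the container, or fails without
# printing anything if the ID list does not validate.
migrate_command() {
    ids=$(normalize_tenant_ids "$@") || return 1
    printf 'migrate_tenants %s\n' "$ids"
}
```

Run migrate_command on the workstation with the intended tenant IDs, then paste the printed line into the container shell opened with docker exec.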