
Recrypt Support for Key Rotation

The 24.10 release introduces support for recrypting collection secrets for key rotation. This allows collection secrets stored on the App server to be re-encrypted with a new key.

Recrypt process:

  • The collector downloads the encrypted collection secrets from the App server, re-encrypts them with the new key using AES-256 encryption, and sends the re-encrypted collection secrets back to the server.
  • Only an on-premises collector can decrypt the collection secrets for this process.

How to recrypt collection secrets:

  1. Run the Recrypter: Launch the Forward Networks Collector Recrypter from within the Forward Networks Collector directory on the collector.
  2. Enter Hex Encryption Key: Paste the new 256-bit encryption key in hex format into the Hex Encryption Key field, then click Next to proceed.
  3. Recryption Process: While the recryption is in progress, the following actions are automatically performed:
    1. Collector services are stopped to ensure data integrity during recryption.
    2. The collection secrets are re-encrypted with the new key.
    3. Once recryption is complete, collector services restart automatically.
    4. When the collector reconnects, the App server will automatically update the encryption key hash associated with the collector.
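
Step 2 expects a 256-bit key as hex, which means exactly 64 hex characters. The following is an added example, not Forward Networks code, showing one way to generate such a key from the OS CSPRNG and to catch common paste mistakes before entering it. The function names and the low-diversity heuristic are assumptions of this sketch; the Recrypter's own validation is not described on this page.

```python
import secrets
import string

KEY_BYTES = 32  # 256 bits, the key size step 2 asks for


def generate_key_hex():
    """Return a fresh 256-bit key from the OS CSPRNG as 64 hex characters."""
    return secrets.token_hex(KEY_BYTES)


def check_key_hex(text):
    """Return a list of problems with a pasted key; an empty list means usable."""
    problems = []
    key = text.strip()
    if key != text:
        problems.append("leading or trailing whitespace")
    if key.lower().startswith("0x"):
        problems.append("0x prefix")
        key = key[2:]
    bad = sorted(set(key) - set(string.hexdigits))
    if bad:
        problems.append("non-hex characters: " + repr("".join(bad)))
    if len(key) != KEY_BYTES * 2:
        problems.append(f"{len(key)} characters, expected {KEY_BYTES * 2}")
    if not bad and len(key) == KEY_BYTES * 2:
        # Heuristic (assumption of this example): 32 random bytes almost
        # always contain well over 16 distinct values; placeholder keys
        # such as all zeros or a repeated pattern do not.
        if len(set(bytes.fromhex(key))) < 16:
            problems.append("low byte diversity; key does not look random")
    return problems


if __name__ == "__main__":
    new_key = generate_key_hex()
    # Store the key in a secrets manager before pasting it into the Recrypter.
    print(new_key)
    # Constructed sample inputs showing typical mistakes.
    for sample in ("00" * 32, "ab" * 16, "0x" + new_key):
        print(check_key_hex(sample))
```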