Changing Cloud Controller Database (CC_DB) encryption key after the DB has been created?


Daniel van Dorp
 

This is a follow-up to this Google Groups conversation:
https://groups.google.com/a/cloudfoundry.org/d/msg/vcap-dev/AnJm9aGe07Y/eB9qv689b2gJ

Basically, for a development installation setup via this:
https://github.com/cloudfoundry-community/cf-boshworkspace/blob/master/deployments/cf-aws-large.yml#L39

I want to change the secret over there to a randomly generated value instead.

When I do this before using the installation (e.g. creating spaces and apps), all is well.

However, if I do this after using the installation, I get these errors:
FAILED
Error finding available spaces
Server error, status code: 500, error code: 10001, message: An unknown error occurred.

Pretty much what was mentioned here:
https://groups.google.com/a/cloudfoundry.org/d/msg/vcap-dev/AnJm9aGe07Y/N25ejNpHWyYJ

In the conversation that I'm trying to follow up on here ( https://groups.google.com/a/cloudfoundry.org/d/msg/vcap-dev/AnJm9aGe07Y/N25ejNpHWyYJ ), it is stated:
"you can't change your DB encryption key in your manifest after the DB has been created!"

That would mean that after using an installation, you can never change your secrets for the CC_DB again?
I find that hard to believe personally, since the secret can be changed just fine in a lot of, if not all, other places within CF.
There should be a workaround/manual fix/procedure for this kind of change to the CC_DB, I think?
