Overview
This guide provides instructions to upgrade the Virtru Private Keystore (for Google Workspace CSE) to the latest version.
Depending on your installed version, you may need to update your environment variables and container image.
Backup Your Keystore
Before performing any updates, create a backup of your existing configuration and key materials.
cd /var/virtru mkdir backup cd backup cp -r /var/virtru/cse .
Recommended Steps (Version 5.9.2 or Newer)
Google recently made updates to the JWKS_AUTHZ_ISSUERS variable.
If you are upgrading to version 5.9.2 or newer, you must both update your container image and modify this variable to maintain compatibility.
Step 1: Navigate to Your Working Directory
cd /var/virtru/cse
Step 2: Edit the cse.env File
nano cse.env
Locate the existing JWKS_AUTHZ_ISSUERS variable and replace it with the new, base64-encoded value as referenced here:
Virtru Support — Reference: Virtru Private Keystore for Google Workspace CSE ENV Variables
Ensure that the value is base64 encoded before saving.
Save and exit:
CTRL + O ENTER CTRL + X
Step 3: Update the Container Image
Change the last two lines in your run.sh script to reflect the latest version number and repository location.
Note: Check the Virtru Release Notes for the latest tagged version number.
Example command:
docker run --detach \ --env-file ./cse.env \ -p 443:9000 \ -v /var/virtru/cse/server.cert:/run/secrets/server.cert \ -v /var/virtru/cse/server.key:/run/secrets/server.key \ --restart unless-stopped \ --name cse-v<Latest Tagged Version> \ containers.virtru.com/cse:v<Latest Tagged Version>
Example (using version v5.9.2):
--name cse-v5.9.2 \ containers.virtru.com/cse:v5.9.2
Save and exit the file:
CTRL + O ENTER CTRL + X
Step 4: Stop and Remove Existing Containers
sudo docker stop $(docker ps -a -q) sudo docker rm $(docker ps -a -q)
Step 5: Run Setup Script
cd /var/virtru/cse sudo sh run.sh
Step 6: Verify the Running Version
sudo docker ps
The output should resemble:
CONTAINER ID IMAGE 000000000000 containers.virtru.com/cse:<latest tagged version>
If the container is running successfully, proceed to verify decryption of an existing encrypted file or message.
Upgrade Steps (Kubernetes via Helm)
If your Virtru Private Keystore (for Google Workspace CSE) is deployed in Kubernetes, follow the Helm-based upgrade instructions provided here:
Virtru Private Keystore for Google Workspace – Kubernetes Upgrade Guide