Requirements
This document assumes that you have a fully functioning Virtru Private Keystore.
About
This article will walk you through Virtru Private Keystore (for Virtru Solutions) - upgrade options, depending on the version of CKS that you have installed you can follow one of the steps below:
Backup Your Keystore
Before performing any updates, ensure you back up all directories and files.
Commands:
cd /var/virtru
mkdir backup
cd backup
cp -r /var/virtru/cks .
Recommended Steps(Version 1.8.5 or newer)
Have you followed the cutover steps?
If you are on version 1.8.5 or newer and have not cut over to the newer install method, please follow the steps outlined here before continuing below: https://support.virtru.com/hc/en-us/articles/17922693793431-Virtru-Private-Key-store-for-Virtru-Solutions-Existing-Customers-Cutover-Steps-to-one-container
- Navigate to your Virtru Private Keystore working directory
cd /var/virtru/cks
- Edit the run.sh script
nano run.sh
- Update image tags cks to the latest available version.
(Check our release notes to grab the latest version number)cks:docker run \ --name Virtru_CKS \ --interactive --tty --detach \ --env-file /var/virtru/cks/env/cks.env \ -v /var/virtru/cks/keys/:/app/keys \ -v /var/virtru/cks/ssl/:/app/ssl \ -p 443:9000 \ --restart unless-stopped \ containers.virtru.com/cks:<latestCKSVersion>
-
Using the text editor Save and exit
ctrl O ctrl X
-
Bring down the running containers
docker stop <containerID> docker rm <containerID>
-
Check to make sure no other containers are running or stopped
docker ps -a
-
Bring up the new container
sh run.sh
-
Once this process finishes verify that your container is running
docker ps -a
- Verify that your are able to decrypt one of your existing encrypted emails
- Once that is verified you are all set, repeat these steps on all servers in your environment if you are running more than one.
Recommended Steps(Version 1.4.0-1.8.4)
Deprecated after version 1.8.4
Deprecated after version 1.8.4
This method has been deprecated after version 1.8.4, please follow the steps above to cut over to the new install method and container location
- Navigate to your Virtru Private Keystore working directory
cd /var/virtru/cks
- Edit the docker-compose.yaml
nano docker-compose.yaml
- Update image tags for haproxy, cks, and rsyslog to the latest available version.
(Check our Release Notes to grab the latest version number)services: haproxy: image: virtru/haproxy:<newest tag>cks: image: virtru/cks:<newest tag>rsyslog: image: virtru/rsyslog:<newest tag>
-
Save and exit
ctrl O ctrl X
-
Bring down the running containers
docker-compose down
-
Check to make sure no other containers are running or stopped
docker ps -a
-
Bring up the new containers
docker-compose up -d
-
Once this process finishes verify that your containers are running
docker ps
- Verify that your are able to decrypt one of your existing encrypted emails
- Once that is verified you are all set, repeat these steps on all servers in your environment if you are running more than one.
Steps (Version 1.3.6 or older)
Upgrading the Virtru Private Keystore (for Virtru Solutions) is very similar to a standard install except one must gather the existing:
- Rewrap Keys
- TLS Certificates
- HMAC ID
- HMAC Secret
The information can be obtained from other CKS instances or the local Virtru CKS.
Log into the Virtru Private Keystore (for Virtru Solutions) that will be upgraded. The user will most likely need to be elevated to manage items in the folder.
1. Complete backup of Virtru CKS
cd /var/virtru
mkdir backup
cd backup
cp -r /var/virtru/cks .2. Stop the running CKS
cd /var/virtru/cks
docker-compose down3. Perform a normal install
-
Install Instructions
- Use the option to generate a self-signed certificate
- Use the option to generate RSA keys
4. Replace required files
TLS Certificate
cd /var/virtru/cks/ssl
rm *
cp /var/virtru/backup/cks/ssl/* .RSA Keys
cd /var/virtru/cks/keys
rm *
cp /var/virtru/backup/cks/keys/* . Copy the required values from your back up of cks.env "/var/virtru/backup/cks/env/cks.env"
tokenId
encryptedToken
cd /var/virtru/backup/cks/env
nano cks.envPaste those values in your new cks.env
HMAC Token
cd /var/virtru/cks/env
nano cks.env Note
Any text editor can be used, nano is used for reference.
Follow these steps if running the Virtru Private Keystore upgrade in Kubernetes via Helm