Skip to main content
Welcome to Virtru's support portal. As we work to make this page more accessible to screen readers, please contact us at support@virtru.com for technical support.

Virtru Private Keystore (for Virtru Solutions) - Upgrade

Craig Engle
  • Updated

Requirements

This document assumes that you have a fully functioning Virtru Private Keystore.

About

This article will walk you through Virtru Private Keystore (for Virtru Solutions) - upgrade options, depending on the version of CKS that you have installed you can follow one of the steps below:

Recommended Steps(Version 1.4.0 or newer)

  • Navigate to your Virtru Private Keystore working directory 
    • cd /var/virtru/cks
  • Edit the docker-compose.yaml 
    • nano docker-compose.yaml
  • Update image tags for haproxy, cks, and rsyslog to the latest available version. 
    (Check our release notes to grab the latest version number) 
    • services:
        haproxy:
          image: virtru/haproxy:<newest tag>
    • cks:
         image: virtru/cks:<newest tag>
    • rsyslog:
        image: virtru/rsyslog:<newest tag>
  • Save and exit 
    • ctrl O
      ctrl X
  • Bring down the running containers 
    • docker-compose down
  • Check to make sure no other containers are running or stopped  
    • docker ps -a
  • Bring up the new containers  
    • docker-compose up -d
  • Once this process finishes verify that your containers are running  
    • docker ps
  • Verify that your are able to decrypt one of your existing encrypted emails
  • Once that is verified you are all set, repeat these steps on all servers in your environment if you are running more than one. 

Steps (Version 1.3.6 or older)

Upgrading the Virtru Private Keystore (for Virtru Solutions) is very similar to a standard install except one must gather the existing:

  • Rewrap Keys
  • TLS Certificates
  • HMAC ID
  • HMAC Secret 

The information can be obtained from other CKS instances or the local Virtru CKS.

Log into the Virtru Private Keystore (for Virtru Solutions) that will be upgraded.  The user will most likely need to be elevated to manage items in the folder.

1. Complete backup of Virtru CKS

cd /var/virtru
mkdir backup
cd backup
cp -r /var/virtru/cks .

2. Stop the running CKS

cd /var/virtru/cks
docker-compose down

3. Perform a normal install

  • Install Instructions
    • Use the option to generate a self-signed certificate
    • Use the option to generate RSA keys

4. Replace required files

TLS Certificate

cd /var/virtru/cks/ssl
rm *
cp /var/virtru/backup/cks/ssl/* .

RSA Keys

cd /var/virtru/cks/keys
rm *
cp /var/virtru/backup/cks/keys/* . 

Copy the required values from your back up of cks.env "/var/virtru/backup/cks/env/cks.env"

  • tokenId

  • encryptedToken

cd /var/virtru/backup/cks/env
nano cks.env

Paste those values in your new cks.env

HMAC Token

cd /var/virtru/cks/env
nano cks.env

Note

Any text editor can be used, nano is used for reference.

 

Upgrade steps if running the Virtru Private Keystore in Kubernetes via Helm

In the charts.yaml file, the version for the CKS is dictated in the appVersion value.

Refer to our Release Notes for the latest version number (example: appVersion: v1.8.5). Once you have updated the version number within the charts.yaml file, redeploy the helm charts and check that your cluster is now running the most recent version.

Example:

helm upgrade -n cse -f ./values.yaml cse ./

 

Related articles