/
[SoftNAS KB]: Changing/Rotating S3 Keys

[SoftNAS KB]: Changing/Rotating S3 Keys

Oct 15, 2021

Symptoms

 Your organization requires that you change your S3 keys on a regular basis in order to ensure security. 

Purpose

This article provides the steps required to switch your S3 keys for a new set. These instructions will be performed on a recurring basis. This article assumes you know how to create/obtain/deactivate S3 keys in the AWS console.

Resolution

1. Log into your instance using SSH.

  •  

    • For guidance on how to connect to your Linux instance, click here.

    • For Guidance on how to connect to your Windows Instance, click here.

2. Log into AWS, and create new keys via the Amazon AWS console, under IAM Management. Deactivate the old keys.
3. Encrypt the new key using the cmd_encrypt.php utility in your command shell.



php /var/www/softnas/snserver/cmd_encrypt.php encrypt AKIAXXXXXXXXSPZ5XxXA

php /var/www/softnas/snserver/cmd_encrypt.php encrypt aXj46XcPjSKXxXxXxszZAx2xXxxXqdXxxxQbxM0n



4. Insert the output into /var/www/softnas/config/s3config.ini instead of the old awsAccessKey and awsSecretKey entries.

[global]



awsAccessKey = "BkZWXXXxxXXxSlEMVFBfXXXXXxVUDgcXXxxbCwZfXzQKMVENU1cAQQ=="

awsSecretKey= "VjXXXXX+XXXXXlEEBzAHV1RqAw1XXXXXB3XXXXX9VHpdFwF0UXoEXlXXXXX5UN1NvCV0CfVtgVxEEIVJrUAoXXXX7B2QHVQc7XXXXXlc2DWM="



5. Reboot the instance.
6. Confirm that the S3-backed volumes remain accessible and operational.

Outage required:

None.