Migrating Accounts

Owned by Lisa Kelly
Last updated: Dec 08, 2022 by Ruth Stento
3 min read

Organizations with multiple Orgs can migrate Accounts from one Org to another. There are several ways to migrate Accounts:

  • From the Project options menu:
    • Export to a zip file and import to the target Org.
    • Migrate from one Org to the other.
  • From the Assets table: 
    • Select the Accounts to migrate and click the toolbar Copy button.

Both Project options allow you to migrate all accounts. To migrate individual Accounts, select them in the Assets table and copy them.

Encryption for Migrated Accounts

It is possible for different Orgs owned by the same organization to use different types of Account encryption. Because of the security risk, SnapLogic does not support the migration of accounts from Orgs with Enhanced Encryption to Orgs using standard account encryption. In this situation, you must manually recreate the accounts in the target Org.

When you Migrate Accounts from one Org to another, consider the following:

  • The new Accounts you create by importing or migrating a Project or by copying from the Assets table are automatically re-encrypted with destination Org keys when you migrate the account from one Org (source) to another Org (destination), provided:
    • You are migrating the accounts from an Org with standard account encryption to an Org with standard or Enhanced Encryption. In this case, the source Org must be configured to recognize the destination Org as a trusted Org. Org admins can configure Organizational Settings to establish trust between Orgs. 
    • You are migrating the accounts from an Org with Enhanced Encryption to another Org using Enhanced Encryption. In this case, you or a Snaplex administrator must add the source Org’s private keys to the JCC keystores in the destination Org. The source private keys should be added with an alias name different from that of the destination key alias. We recommend that you append the Org name to the source key alias.

  • If your org is configured for Enhanced Account Encryption, the SnapLogic Create Snap and the SnapLogic Update Snap enable you to create/update accounts when the sensitive fields are provided in plain text. The Snaps will encrypt the data automatically.

    The presence of 'key' in the property tells the Snap that the field is already encrypted. Therefore, when the property value is in plain text, make sure you delete the 'key' field in the sensitive property object. Otherwise, the Snap cannot encrypt the field. 

Migrating from One Enhanced Encrypted Org to Another

For re-encryption of accounts when they are migrated from one enhanced encrypted org to another enhanced encrypted org, the private keys of the source org should be available on all the JCCs of the destination org. Use the steps below to add the source keys to the keystores in the destination JCCs. The idea is to export and import source keys to the destination JCCs. This can be done using a keytool command either in a single step or multiple steps. Once the keys are added, the Snaplexes on the destination org can be restarted from the dashboard. The restarted JCCs will pick up the added source keys and use them during migration for account re-encryption.

Make a backup of both source and destination keystores before proceeding with adding the keys to the destination keystores.

Single Command

Run the following command on source keystore location. This command directly adds the keys to the destination keystore. It requires the host address of the destination machine.
keytool -importkeystore -srckeystore jcc-datakeys.jks
-srcstoretype JCEKS -srcstorepass `cat jcc-datakeys.pass` 
-srcalias 'account-autogen' -destkeystore <destination-machine>:<keystore-location>/jcc-datakeys.jks -deststoretype JCEKS 
-deststorepass <destination-machine>:<keystore-location>/jccdatakeys.pass -destalias source-account-autogen 

Multiple-Step Process (Recommended)

  1. Export the source key to a temporary keystore. 

    keytool -importkeystore -srckeystore 
jcc-datakeys.jks -destkeystore 
jcc-datakeys-src-copy.jks -srcstoretype JCEKS -deststoretype JCEKS -srcstorepass 
`cat jcc-datakeys.pass` -deststorepass changeit -srcalias account-autogen -destalias source-account-autogen -srckeypass 
`cat jcc-datakeys.pass` -destkeypass changeit
    • Both source and destination key-aliases are by default account-autogen. So while importing the source key to destination, a new name should be chosen for source key-alias. A recommended name would have source org name followed by account-autogen. For example, SnaplogicDev-account-autogen.
    • The keys are accessed by the same password that is used for the store that is stored in a .pass file. While exporting the source key to a temporary keyfile, use a temporary password. For example, changeit.
  2. Copy the temporary keystore to the destination JCCs.

  3. Go to the keystore in the destination JCCs. Import (add) the source key to the destination key using the following command:

    keytool -importkeystore -srckeystore 
jcc-datakeys-src-copy.jks 
-destkeystore jcc-datakeys.jks -srcstoretype JCEKS -deststoretype JCEKS -srcstorepass changeit -srckeypass changeit -deststorepass `cat jcc-datakeys.pass` 
-srcalias source-account-autogen 
-destalias source-account-autogen

  4. Change the source key password to use the keystore password.

    keytool -keypasswd -alias 
source-account-autogen -keypass changeit 
-new `cat jcc-datakeys.pass`

  5. Once the keys are added, you can list the keys to confirm that the source key is added with alias source-account-autogen

    keytool -list -keystore jcc-datakeys.jks 
-storetype JCEKS -storepass `cat jcc-datakeys.pass`

Have feedback? Email documentation@snaplogic.com | Ask a question in the SnapLogic Community
© 2017-2024 SnapLogic, Inc.