With standard encryption, accounts are encrypted with cloud-managed keys. With Migrating Accounts, accounts are encrypted with public/private keys that you manage through a Groundplex on your local network.
When you Migrate accounts from one org to another org, consider the following:
If your org is configured for Enhanced Account Encryption, the SnapLogic Create Snap and the SnapLogic Update Snap enable you to create/update accounts when the sensitive fields are provided in plain text. The Snaps will encrypt the data automatically.
The presence of 'key' in the property tells the Snap that the field is already encrypted. Therefore, when the property value is in plain text, make sure you delete the 'key' field in the sensitive property object. Otherwise, the Snap cannot encrypt the field. |
keytool
command either in a single step or multiple steps. Once the keys are added, the Snaplexes on the destination org can be restarted from the dashboard. The restarted JCCs will pick up the added source keys and use them during migration for account re-encryption.Make a backup of both source and destination keystores before proceeding with adding the keys to the destination keystores. |
keytool -importkeystore -srckeystore jcc-datakeys.jks -srcstoretype JCEKS -srcstorepass `cat jcc-datakeys.pass` -srcalias 'account-autogen' -destkeystore <destination-machine>:<keystore-location>/jcc-datakeys.jks -deststoretype JCEKS -deststorepass <destination-machine>:<keystore-location>/jccdatakeys.pass -destalias source-account-autogen |
keytool -importkeystore -srckeystore jcc-datakeys.jks -destkeystore jcc-datakeys-src-copy.jks -srcstoretype JCEKS -deststoretype JCEKS -srcstorepass `cat jcc-datakeys.pass` -deststorepass changeit -srcalias account-autogen -destalias source-account-autogen -srckeypass `cat jcc-datakeys.pass` -destkeypass changeit |
|
2. Copy the temporary keystore to the destination JCCs.
3. Go to the keystore in the destination JCCs. Import (add) the source key to the destination key using the following command:
keytool -importkeystore -srckeystore jcc-datakeys-src-copy.jks -destkeystore jcc-datakeys.jks -srcstoretype JCEKS -deststoretype JCEKS -srcstorepass changeit -srckeypass changeit -deststorepass `cat jcc-datakeys.pass` -srcalias source-account-autogen -destalias source-account-autogen |
4. Change the source key password to use the keystore password.
keytool -keypasswd -alias source-account-autogen -keypass changeit -new `cat jcc-datakeys.pass` |
5. Once the keys are added, you can list the keys to confirm that the source key is added with alias source-account-autogen
keytool -list -keystore jcc-datakeys.jks -storetype JCEKS -storepass `cat jcc-datakeys.pass` |