|
| 1 | +# Changing the registered orchestrator agent for multiple Cert Stores |
| 2 | + |
| 3 | +This example demonstrates how to change the registered orchestrator agent for multiple certificate stores in Keyfactor |
| 4 | +Command using the `kfutil` CLI tool. This is particularly useful when you need to update the orchestrator agent for a |
| 5 | +large number of stores efficiently. |
| 6 | + |
| 7 | +## Assumptions |
| 8 | + |
| 9 | +- You have `kfutil` installed and configured to connect to your Keyfactor Command instance. |
| 10 | +- You know the IDs of the Orchestrator Agents you want to switch to. |
| 11 | +- You have permissions to export and update certificate stores in Keyfactor Command. |
| 12 | + |
| 13 | +## Step 1: Export Certificate Stores |
| 14 | + |
| 15 | +First, export the certificate stores that you want to update. This will create a CSV file containing the details of the |
| 16 | +stores. |
| 17 | + |
| 18 | +```bash |
| 19 | +kfutil stores export --all |
| 20 | +``` |
| 21 | + |
| 22 | +This will export all certificate stores to multiple CSV files based on their store types. Example: |
| 23 | + |
| 24 | +```shell |
| 25 | +kfutil stores export --all |
| 26 | + |
| 27 | +Stores exported for store type with id 183 written to AwsCerManA_stores_export_1765829171.csv |
| 28 | + |
| 29 | +Stores exported for store type with id 178 written to K8SJKS_stores_export_1765829172.csv |
| 30 | + |
| 31 | +Stores exported for store type with id 180 written to K8SPKCS12_stores_export_1765829173.csv |
| 32 | +``` |
| 33 | + |
| 34 | +## Step 2: Modify the CSV File |
| 35 | + |
| 36 | +Open the exported CSV files in a spreadsheet editor or text editor. Locate the `AgentId` column and update the values |
| 37 | +to the new Orchestrator Agent ID that you want to assign to each store. |
| 38 | + |
| 39 | +## Step 3: Import the Updated CSV File |
| 40 | + |
| 41 | +After updating the CSV files with the new Orchestrator Agent IDs, you can import them back into Keyfactor Command using |
| 42 | +the following command: |
| 43 | + |
| 44 | +```bash |
| 45 | +kfutil stores import csv --file /path/to/updated/csv/file.csv --sync --no-prompt |
| 46 | +``` |
| 47 | + |
| 48 | +The `--sync` flag ensures that the import operation updates existing stores rather than creating duplicates. The |
| 49 | +`--no-prompt` flag allows the operation to run without user interaction. |
| 50 | + |
| 51 | +Example: |
| 52 | + |
| 53 | +```shell |
| 54 | +kfutil stores import csv --file K8SPKCS12_stores_export_1765743627.csv --store-type-name K8SPKCS12 -z --no-prompt |
| 55 | +11 records processed. |
| 56 | +9 certificate stores successfully created and/or updated. |
| 57 | +2 rows had errors. |
| 58 | +Import results written to K8SPKCS12_stores_export_1765743627_results.csv |
| 59 | +``` |
| 60 | + |
| 61 | +## Step 4: Verify the Changes |
| 62 | + |
| 63 | +After the import is complete, verify that the certificate stores have been updated with the new Orchestrator Agent IDs. |
| 64 | +You can do this by exporting the stores again or checking directly in the Keyfactor Command interface. |
| 65 | + |
| 66 | +# FAQ |
| 67 | + |
| 68 | +## Q: Where can I find the Orchestrator Agent IDs? |
| 69 | + |
| 70 | +A: You can find the Orchestrator Agent IDs in the Keyfactor Command interface under the Orchestrator Agents section, or |
| 71 | +you can get a full list by using `kfutil orchs list`[docs](../../../docs/kfutil_orchs.md). |
0 commit comments