Document toolboxDocument toolbox

Managing Credentials from Kyvos Manager

Owned by NIDHI BHANDARI
Last updated: May 31, 2024 by DocReviewer
3 min read

Applies to: Kyvos Enterprise  Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace

Kyvos Azure Marketplace   Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)

The Manage Credentials feature in Kyvos Manager enables you to:

Functionality

AWS

Azure

GCP

On-prem

Functionality

AWS

Azure

GCP

On-prem

Change Node Authentication

Change Repository Password

Change Password Encryption

Change Password Storage

Important

The Change Password Storage feature is not applicable to Kyvos Single Node Installation (Kyvos SNI).

Changing Repository Password

This feature allows you to change the Kyvos repository password provided at the time of cluster deployment. The BI Server uses this password to connect to the Kyvos repository.

To change the password, perform the following steps.

  1. On the Kyvos Manager navigation pane, click Manage Credentials.

  2. Click Change repository password.

  3. On the displayed Change Repository Password dialog box, provide the Current Password, New Password, and Confirm New Password.

  4. Provide Kyvos Manager Password to continue.

  5. Click the Save button to save your change.

Note

You MUST restart the BI Server to bring the new password into effect.

Changing Password Encryption

You can change password encryption to  configure a cryptographic algorithm at the application level. All sensitive information stored in the Azure Key Vault or AWS Secrets Manager is also encrypted using the cryptographic algorithm.
To change the password encryption, perform the following steps.

  1. On the Kyvos Manager navigation pane, click Manage Credentials.

  2. Click Change repository password.

  3. On the displayed Encryption Algorithm dialog box, select the encryption from any of the following options.

Note

Kyvos supports both 128 and 256 versions for all the supported algorithms. 

  1. DEFAULT: MD5 encryption for Kyvos user login password and DES for saved passwords for other services.

  2. AES_CBC: In this mode, each ciphertext block is dependent on all plain text blocks processed up to that point. Kyvos supports both 128 and 256 variants for this.

  3. AES_CFB: This mode can be used as a stream cipher. First, it encrypts the IV, and then it will xor with the plain text block to get ciphertext. Then CFB encrypts the encryption result to xor the plain text. It needs an IV. Kyvos supports both 128 and 256 variants for this.

  4. AES_GCM: This mode operates by XOR'ing (eXclusive OR) each block with the previous block and cannot be written in parallel. Kyvos supports both 128 and 256 variants for this.

  5. Provide Kyvos Manager Password to continue.

  6. Click the Save button to save your changes.

Changing Password Storage

Kyvos Manager allows you to migrate your repository passwords (like SMTP, LDAP, Repository, OIDC, etc.) from the configuration files to a secrets storage services of cloud (like Secrets Manager in AWS cloud, Key Vault in Azure cloud, Secrets Manager in GCP cloud).

Copyright Kyvos, Inc. All rights reserved.