When using an automatically opening keystore, you do not need to enter the passphrase and you can automatically open the keystore when the instance starts. Execute the pgx_keystore command to enable automatic opening of the keystore.
> pgx_keystore --enable-auto-open /key/store/location/keystore.ks Enter the passphrase: Automatic opening of the keystore is now enabled >
See
Refer to "pgx_keystore" in the Reference for information on pgx_keystore command.
When automatic opening is enabled, an automatically opening keystore is created in the same directory as the original keystore. The file name of the automatically opening keystore is keystore.aks. The file keystore.aks is an obfuscated copy of the decrypted content of the keystore.ks file. As long as this file exists, there is no need to enter the passphrase to open the keystore when starting the instance.
Do not delete the original keystore file, keystore.ks. It is required for changing the master encryption key and the passphrase. When you change the master encryption key and the passphrase, keystore.aks is recreated from the original keystore file, keystore.ks.
Protect keystore.ks, keystore.aks, and the directory that stores the keystore so that only the user who starts the instance can access them.
Configure the permission of the files so that only the user who starts the instance can access the SQL functions and commands that create these files. Accordingly, manually configure the same permission mode if the files are restored.
Example
# chown -R fsepuser:fsepuser /key/store/location # chmod 700 /key/store/location # chmod 600 /key/store/location/keystore.ks # chmod 600 /key/store/location/keystore.aks
To use WebAdmin for backup and recovery, you must enable automatic opening of the keystore.
An automatically opening keystore will only open on the computer where it was created.
To disable automatic opening of the keystore, delete keystore.aks.
