Hello, Systems in a COOP'ed environment are rsync'ed from the original systems. As the COOP systems are rsync'ed, the config files include the hashed value of the encryption key. Question: when the COOP systems are activated, will the encryption work as it was in the original environment?
Thank you.
If you mean the keys such as password for SSL and others for clustering from inputs.conf and server.conf those are based on the $SPLUNK_HOME/etc/auth/splunk.secret. The Splunk instances need to all share that splunk.secret for the values to decrypt properly. If you did not have splunk.secret in place before starting Splunk the first time you could have to test to make sure you don't miss copying all possible files that are encrypted using it.
I often will take splunk.secret from a cluster master and place it on cluster nodes before starting them the first time. This ensures all cluster members share the same secret and configs can just have the encrypted value in the files.
I don't know how many people are aware that COOP stands for "Continuity of Operations"
Sorry about using the words COOP systems. This pertains to the federal sector as this refers to systems that are set up for the purpose of disaster recovery. An answer to the question that has been asked will be much appreciated.
Thank you