Installing or updating CAST Imaging with encrypted databases

Overview

This section of documentation provides instructions for situations where you need to either install CAST Imaging from scratch or perform an in-place update to a new release and your CAST Storage Service/PostgreSQL instance(s) are already configured in encrypted mode.

Scenarios and actions are provided below.

Microsoft Windows

Before starting the installation or running an update to a new release you should ensure that for the CAST Storage Service/PostgreSQL instance that will be/is being used to store the control_panel schema and the keycloak_v3 database, the following is true:

Now ensure that the relevant .conf files are correctly defined, in particular defining the following options (see Microsoft Windows installation variables):

  • CSS_SSL_ENABLED
  • CSS_SSL_MODE
  • CSS_SSL_ROOT_CERT
  • CSS_SSL_CERT
  • CSS_SSL_KEY
  • CSS_SSL_KEY_PEM
  • CSS_INI_FILE_PATH

These options ensure that the installer can work with an encrypted target CAST Storage Service/PostgreSQL instance to create/interact with the control_panel schema and the keycloak_v3 database.

Note that:

  • In a “from scratch” installation, additional encrypted CAST Storage Service/PostgreSQL instances can be added post-install for analysis data storage, following the instructions in Configuring an encrypted database instance
  • In an “update” scenario, any additional encrypted CAST Storage Service/PostgreSQL instances that have been added for analysis data storage are not accessed during an in-place update to a new release.

Linux via Docker

There is nothing specific to do because the bundled PostgreSQL instance (container) cannot be configured to function in encrypted mode and this instance is always used to store the persistence schema control-panel and the keycloak_v3 database.