KVAP (KeyVault Administration Passphrase) is used to authorize admin to initialize and manage the system KeyVault with a passphrase. KVAP is configured during the installation of Web API Server, Worker Server, and Front Server Controller, and requires the access to the keystore (a repository in MongoDB to store and manage all encryption keys to enhance data security). Once configured, KVAP is required for validation when you perform KeyVault administration tasks, such as configuring key rotation1) or adding new servers to scale the system.

Note: 1) The minimum interval between key rotations is 30 days.

 
If you forget the KVAP, you can reset it only if the Reset function has been enabled during your installation process.

Note: The Reset operation is not recommended from a security perspective. Use it only when necessary.

1.Log in to the System Management Page.

2.In the System Management page, select the Advanced Settings tab.

3.In the Reset KeyVault Administration Passphrase (KVAP) area, do the following.

1)Click Request KVAP Passphrase Reset.

2)Review the pop-up information, click I agree > Submit. After receiving your request, NetworkBrain will validate your identity, update your license information and send you a verification file via email.

Tip: The identification file, which contains your license information, will be attached in the request. If you want to delete the relevant information after the request is resolved, select the Delete data when issue resolved check box.

3)Click Browse to upload the verification file that you received from NetBrain.

4)Click Verify and Reset Password. The system will validate the verification file to justify whether you can reset the passphrase.

Note: The verification file will be valid for 48 hours. Uploading expired verification file will lead to verification failure.

5)After the verification file is successfully validated, enter your new passphrase twice, and click Reset.

Tip: The passphrase must comply with the following rules:
- Contain at least 8 characters
- Contain at least one uppercase letter
- Contain at least one lowercase letter
- Contain at least one number
- Contain at least one special character (double quotes are not allowed)