Is it possible to programmatically tell Lotus Notes to generate a new secret key?

StackOverflow https://stackoverflow.com/questions/17562397

  •  02-06-2022
  •  | 
  •  

Question

I'm looking for a means to programmatically tell Notes to generate a secret key (like File, Security, User Security, Notes Data, Documents). Is there such? It does not appear so.

The goal is to be able to have a template that auto-provisions all of the secret keys necessary for that application to operate.

Was it helpful?

Solution

As Richard mentions there is no direct way to fully automate this, but you can automate some of it.

In Domino 9 it is possible to create secret keys via the Domino console. So you would do something like the following. 

keymgmt create nek SECRETKEY
keymgmt export nek SECRETKEY FILENAME PASSWORD
keymgmt delete nek SECRETKEY

This will create a .key file of FILENAME. You can then mail this file to the end user. However the end user would need to detach the key file and manually import it into notes. They will also need to know the password to import.

[edit]

To expand on this. You could do the following.

  1. Create your initial secret keys on the server as per the command above.
  2. Create an agent which executes the export with a randomly generated password.
  3. Same agent mails the key file, with instructions to install.
  4. Same agent sends a second email with the randomly generated password.

It won't stop the end user from forwarding on the key/password to someone not authorised to use the database (which is what an IDK prevents), but you could have some level of auditing this way.

OTHER TIPS

As far as I know, the Notes client's secret key generation and management features are not exposed in any of the Notes APIs, including the Notes C API.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top