Script Description

Update Script of the Encryption Component Key

The inference service provides the script for updating the root key and master key of the encryption component.

• update_root_key.py: updates the root key. No input parameter is required.
• check_and_update_master_key.py: checks whether the master key has expired. If the master key expires, this script updates the master key.
  • advance_day: Number of days before updating the master key. The value ranges from 1 to 365. The default value is 7.

• Run the update script as a common user instead of a common user in the sudo group using the sudo + command mode.
• As a component, the inference service needs to be integrated into the user's system. If the key update frequency is limited, the key needs to be integrated into the user's system in other ways.
• If https is used when a third party integrates the inference service, you are advised to periodically update the keys to prevent security risks caused by key loss.
• Record audit logs when the key update script is integrated to a third party.

Script for Checking the Certificate Retention Expiration Time

The check_expiry_time.py script is used to check whether the certificate retention period expires. If the retention period expires, the ./config/crt certificate directory is deleted. This script is automatically invoked each time the inference service is started and does not need to be manually executed.