linotp.controllers.migrate module

migration controller -

support the migration of encrypted data towards new encryption key or new hsm

class linotp.controllers.migrate.MigrateController(name, install_name='', **kwargs)

Bases: BaseController

backup()

POST /migrate/backup

create a backup of
  • the encrypted token data, which could be seed or pin (if encrypted) or userpin (used in motp, ocra2)

  • the config entries of type password

the data
  • is encrypted with a given passphrase

  • and stored in an backup file (defined by the hash of backupid)

Parameters
  • pass – passphrase used for encrypting data in the backup file

  • backupid – used to controll the intermediate backup file

restore()

POST /migrate/restore

restore the encrypted config and token data from a backup file

the restore relies on a backup file, which was created by the migrate/backup command. The file contains per line a config or token entry, where each line is a json dump. The first line of the backup file contains the salt, the last one the number of entries written

Parameters
  • pass – passphrase used for encrypting data in the backup file

  • backupid – used to controll the intermediate backup file

  • (optional) (remove_backup) – if set to False, backup file will not be deleted after backup. Default is that backup is deleted, even in case of error