Command line configuration switches

When using the command line utility to install, configure, upgrade, or uninstall Trust Protection Platform, there are a number of allowed switches. This utility requires you to use an elevated command prompt.

The command line argument is:

Copy

Command line argument

1
TppConfiguration.exe < -install:<xml> [-add] | -decrypt:<xml> -password | -encrypt:<xml> -password | -keyimport:<pem> -password | -keyexport:<pem> -password | -uninstall | -hsmpin:<pin> | -dboconfig:<cfg> | -dbgrant:<user> | -sqlconfig:<cfg> | -addtrust:<dll> | -deltrust:<dll> | -help | -enablemmc | -identitypwd:<pw> > [-password:<pw>] | -log:<file>]

Some switches require master admin authentication. They are noted in the table below. When you use a switch that requires master admin authentication, you can either:

Provide the -username: and -password: inline in the command.
Wait until prompted by the application to enter the master admin credentials.

Switch	Requires auth	Description
`-?`	No	Shows the online help.
`-install:<xml>`	No	Runs the installer with the configuration options specified in the (unencrypted) answer file. For example, if the answer file is located at `c:\answerfile.xml`, this switch would be: `-install:C:\answerfile.xml`
`-install:<xml> -password:<pw>`	No	Runs the installer with the configuration options specified in the answer file, and supplies the password to decrypt the answer file. For example, if the answer file is located at `c:\answerfile.xml,` and the decryption password for the file is `ExamplePassword`, this switch would be: `-install:C:\answerfile.xml -password:ExamplePassword`
`-add`	No	Runs the installer in the mode that adds this Venafi server to an existing Venafi server cluster (servers that share a single database).
`-uninstall`	No	Uninstalls Trust Protection Platform from the Venafi server. Removes Venafi registry values, and backs up settings to a registry file stored in the same folder as the log file. This switch is used by Windows when you use Program Features to uninstall Trust Protection Platform. NOTE This does not remove the .msi. It only removes the websites and registry entries.
`-hsmpin:<pin>`	No	Allows setting the HSM PIN in an HSM-only environment. This is necessary if the HSM pin has been changed, and needs to be updated in Trust Protection Platform. NOTE When used without the <pin> argument, you w ll be prompted for the pin.
`-dboconfig:<cfg>`	No	Allows changing the SQL database owner account connection information from the command line. You can use this, for example, for automated updating of the SQL database owner account password.
`-dbgrant:<user>`	Yes	Provides the necessary grants to the Venafi database for the specified user to be an operational database service accounts. This is helpful when using Windows Authentication and users need to launch WebAdmin or Venafi Support Tool.
`-decrypt:<xml>`	Yes	Decrypts the specified XML file. (Requires `-password`)
`-encrypt:<xml>`	Yes	Encrypts the specified XML file. (Requires `-password`)
`-keyimport:<pem>`	Yes	Imports the default software key. (Requires `-password`)
`-keyexport:<pem>`	Yes	Exports the default software key. (Requires `-password`)
`-sqlconfig:<cfg>`	No	Allows changing the SQL operational account connection information from the command line. You can use this, for example, for automated updating of the SQL operational account password.
`-addtrust:<dll>`	No	The path to a custom DLL, allowing it to be added as a trusted resource. For custom development modules, this feature adds the signature of the custom module as trusted resource so the custom features can be added to Trust Protection Platform.
`-deltrust:<dll>`	No	Allows you to remove a DLL from being a trusted resource.
`-help`	No	Shows a help file in the command line window, describing these features and settings.
`-enablemmc`	Yes	Adds or replaces MMC access grant for the current user. Use `-username:` and `-password:` to provide Trust Protection Platform user credentials on the command line. Otherwise, you will be prompted for credentials.
`-identitypwd:<pw>`	Yes	Requests to change the service account password of an identity connector. `<pw>` is the new password. Uses `-prefix`, `-username`, and `-password` and will prompt if any are omitted.
`-log:<file>`	No	Allows you to override the default location of the log file where the results of the configuration process are stored. If you want to save the log file at `C:\Temp\VenafiLog.txt`, the switch would be: `-log:C:\Temp\VenafiLog.txt`
`-company:<name>`	Yes	Sets the company name for the system.
`-deployment:<t>`	Yes	Sets the deployment type for the system. Allowed values for `<t>` are: `D` - Development `T` - Test `S` - Staging (pre-production) `U` - User Acceptance Test (UAT) `P` - Production

You can combine the switches as needed. For example, here is a command line argument that installs the software on this Venafi Trust Protection Platform server, while connecting to an existing database using a configuration file, and overwriting the default log file location:

TppConfiguration.exe -install:C:\answerfile.xml -add -password:Washington -log:C:\Temp\VenafiLog.txt