Versions Compared

Old Version 6

changes.mady.by.user Josefin Klang

Saved on

compared with

New Version Current

changes.mady.by.user Ylva Andersson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Minor

To avoid showing for example passwords or PINs as plain readable text, such sensitive data in Identity Manager configuration files can be scrambled. 

...

Scrambling can be used for example in database.properties, system.properties and engineSignEncryptConfig.xml

Prerequisites

Expand
titlePrerequisites

The following prerequisites apply:

  • All properties files must use UTF-8 character encoding
  • Attention must be paid, as we also use properties files as constructor arguments in some classes, mostly PKI connectors. Until now, these may not be scrambled.
  • Be careful not to use the .encrypted syntax in properties files that are not passed to the ScramblingPropertyConfigurers, as these will not be scrambled and the setting of the values will fail, since .encrypted will be interpreted as a part of the key.
  • Properties files inside .jar files will not be scrambled and using the .encrypted syntax will lead to errors, since spring will try to set a property named encrypted. You can however set already encrypted properties inside a .jar file.
  • Trying to scramble a property that spans over several lines will result in an error.

...

Expand
titleAdd encryption to parameter in file
To scramble sensitive information in a .properties file or in engineSignEncryptConfig.xml:
  1. Open the file for editing.

  2. Append .encrypted to any sensitive keys in the file, for example password or pin. When the system starts, the values will be encrypted with a key stored in Identity Manager. See the examples below.

Note

Only properties files outside of a .jar file will be replaced. 


...

Expand
titleExample: Encrypt truststore password

Example: If you use the truststore in system.properties, encrypt the truststore password: 

Code Block
titleExample: encrypt keys in engineSignEncryptConfig.xml
# CERTIFICATE VALIDATION:
# -----------------------
# Path to the truststore to use for certificate path validation
jksKeyStoreProvider.keyStorePath=file:apache-tomcat-8.5.24/conf/prime.truststore

# The password for the truststore
jksKeyStoreProvider.keyStorePassword.encrypted=prime

Example result:

Code Block
titleExample result: scrambled keys in engineSignEncryptConfig.xml
# CERTIFICATE VALIDATION:
# -----------------------
# Path to the truststore to use for certificate path validation
jksKeyStoreProvider.keyStorePath=file:apache-tomcat-8.5.24/conf/prime.truststore

# The password for the truststore
jksKeyStoreProvider.keyStorePassword=encrypted:CYyVZis7WITDOIfpC1CNDx==

...


Additional information

Expand
titleUseful links