When the any Process Flow executes, all the temporary files are stored in the a repository folder. For security reasonsTo prevent it from misuse, you may want to secure your repository folder from an unauthorized access. Adeptia facilitates you to secure your repository by encrypting the data at rest. With this feature, your repository gets stored in an encrypted form.the folder. You can secure the repository folder by encrypting data in the folder.
To encrypt the data, you need to configure the following:
...
- Open Command Prompt.
- Go to the directory where JRE is installed (for example, C:/Program Files/Java/jre8/bin).
Run the following Keytool command to create a Keystore.
For Windows:
keytool.exe -genseckey -keystore <Keystore_path> -storetype <store_type> -storepass <Keystore_password> -keyalg AES -keysize 256 -alias <alias_name> -keypass <Key_password>
For Linux:
keytool -genseckey -keystore <Keystore_path> -storetype <store_type> -storepass <Keystore_password> -keyalg AES -keysize 256 -alias <alias_name> -keypass <Key_password>
where,
<Keystore_path> is the location of the Keystore. If the Keystore does not exist, the tool will create a new store.<store_type> is the type of store. Only JCEKS is supported.
<Keystore_password> is the password related to the Keystore.
<alias_name> is the name to be given to the newly created key.
<Key_password> is the password protecting the use of the key.
The Keystore is generated at the specified location.
Exit from the Command Prompt.
...
- Login to Adeptia Suite as an administrator.
- Go to Administer > Setup > Application Settings > Update System Properties.
- Expand Systems > Data Encryption at rest.
Set the value in the below parameters:
Property Name Description abpm.security.data.encryption.rest.enable To enable or disable data encryption at rest. The possible value can be either Yes or No. abpm.security.data.encryption.rest.keystoreLocation Location of the Keystore that will be used for data encryption. abpm.security.data.encryption.rest.alias Alias name for the key. abpm.security.data.encryption.rest.keystorePasword Password of the Keystore. abpm.security.data.encryption.rest.keyPassword Password of the Key. - Click Save to save the changes.
- Click Reload Configuration to reflect the changes.
Restart Kernel and WebRunner.
Before enabling Encrypting data at rest feature, However, after you enable the encryption, the data at rest (data stored before you enabled the encryption) remains in plain text, thus not encrypted. Therefore, before enabling the encryption it is advisable to run the Encryption utility to encrypt the existing records present in the repository. If you do not encrypt the data then after before enabling the feature you will find the encryption, the plaintext data in the repository creating hindrance in the encrypted data and plain text.would hamper the running of the process flow.
If due to some reasons you don not want to encrypt the data at rest before enabling the encryption, then follow the below steps
To encrypt the existing records present in the Process Flow repository (in plain textplaintext):
- Copy all the records in a separate folder.
- Encrypt the folder using the Encryption Utility.
- After the records are encrypted successfully, copy the records of the encrypted folder in the Process Flow repository.
After you encryt have encrypted the data, enable the Encrypting data at rest feature. When the utility executes, you will have the encrypted data in the repository including the previous one.
...