When any Process Flow executes, all temporary files are stored in a repository folder. To prevent misuse, you may want to secure your Process Flow logs from unauthorized access. Adeptia lets you secure your logs by encrypting the data at rest. With this feature, your logs are stored in encrypted form. You secure the repository folder by encrypting the data in the folder.

To encrypt the data, you need to configure the following:

  • Create Keystore using Keytool
  • Configure Keystore in Adeptia Suite

Info

Multiple streams in data mapping are not supported when encryption at rest is enabled.

Creating Keystore using Keytool

  1. Open Command Prompt (press Win + R and type cmd).
  2. Go to the directory where JRE is installed (for example, C:/Program Files/Java/jre8/bin).
  3. Run the following Keytool command to create a Keystore.

For Windows:

keytool.exe -genseckey -keystore <Keystore_path> -storetype <store_type> -storepass <Keystore_password> -keyalg AES -keysize 256 -alias <alias_name> -keypass <Key_password>

For example:

keytool.exe -genseckey -keystore <> -storetype JCEKS -storepass changeit -keyalg AES -keysize 256 -alias <> -keypass changeit

For Linux:

keytool -genseckey -keystore <Keystore_path> -storetype <store_type> -storepass <Keystore_password> -keyalg AES -keysize 256 -alias <alias_name> -keypass <Key_password>

For example:

keytool -genseckey -keystore <> -storetype JCEKS -storepass changeit -keyalg AES -keysize 256 -alias <> -keypass changeit

where,

  • genseckey stands for Generate SecretKey. This flag indicates the creation of a symmetric key, which becomes the AES key.
  • <Keystore_path> is the location of the Keystore. If the Keystore does not exist, the tool creates a new store.
  • <store_type> is the type of store. Only JCEKS is supported.
  • <Keystore_password> is the password related to the Keystore.
  • keysize is the size of the key.
  • <alias_name> is the name to be given to the newly created key.
  • <Key_password> is the password protecting the use of the key.

The Keystore is generated at the specified location. Exit from the Command Prompt.

Configuring Keystore in Adeptia Suite

  1. Login to Adeptia Suite as an administrator.
  2. Go to Administer > Setup > Application Settings > Update System Properties.
  3. Expand Systems > Data Encryption at rest.
  4. Set the value in the below parameters:

    | Property Name | Description |
    | --- | --- |
    | abpm.security.data.encryption.rest.enable | To enable or disable data encryption at rest. The possible value can be either Yes or No. |
    | abpm.security.data.encryption.rest.keystoreLocation | Location (absolute path) of the Keystore that will be used for data encryption. |
    | abpm.security.data.encryption.rest.alias | Alias name for the key. |
    | abpm.security.data.encryption.rest.keystorePasword | Password of the Keystore. |
    | abpm.security.data.encryption.rest.keyPassword | Password of the Key. |


  5. Click Save to save the changes.
  6. Click Reload Configuration to reflect the changes.

  7. Restart Kernel and WebRunner.

However, after you enable the encryption, the data stored before you enabled it remains in plaintext. Therefore, before enabling the encryption, it is advisable to run the Encryption utility to encrypt the existing plaintext data present in the Process Flow repository. If you do not encrypt the existing data before enabling the encryption, repository data may not be displayed correctly on the GUIs.

If, for any reason, you have not encrypted the existing data and have executed transactions with encryption enabled, the repository folder will contain a combination of plaintext and encrypted data. In that case, you must encrypt the plaintext separately. To do this:

  1. Move all the plaintext data to a separate folder.
  2. Encrypt the folder using the Encryption utility.
  3. After the records are encrypted successfully, copy the data of the encrypted folder to the repository.

After you have encrypted the data, enable the Encrypting data at rest feature. Once the utility has run, the repository contains only encrypted data, including the data stored previously.
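Step 1 of the procedure above requires knowing which repository files are still plaintext. The following triage script is an added example, not Adeptia code: it assumes (the page does not describe the on-disk format) that encrypted files are raw ciphertext that looks like random bytes, and the names `classify`, `triage` and `demo` are hypothetical. Compressed files also report as high-entropy, so check the result against a file you know was encrypted.

```python
import codecs, math, os, tempfile
from collections import Counter
from pathlib import Path

SAMPLE_BYTES = 64 * 1024  # only the head of each file is inspected

def entropy_ratio(data):
    """Shannon entropy of data divided by the maximum possible for its length (0..1)."""
    n = len(data)
    h = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    return h / min(8.0, math.log2(n))

def is_text(data):
    """True if data is valid UTF-8 made only of printable characters and whitespace."""
    try:
        text = codecs.getincrementaldecoder("utf-8")().decode(data, final=False)
    except UnicodeDecodeError:
        return False
    return all(ch.isprintable() or ch in "\r\n\t" for ch in text)

def classify(data):
    """Heuristic class of one file head. Assumption: ciphertext looks like random bytes."""
    if len(data) < 32:
        return "too-small"      # not enough bytes to judge
    if is_text(data):
        return "plaintext"      # readable text: still needs encrypting
    return "high-entropy" if entropy_ratio(data) >= 0.9 else "binary"

def triage(folder):
    """Map each file under folder (relative path) to its class."""
    result = {}
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                result[str(path.relative_to(folder))] = classify(fh.read(SAMPLE_BYTES))
    return result

def demo():
    """Build a constructed mixed repository in a temp folder and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "old.xml").write_text("<order><id>1001</id><qty>5</qty></order>\n" * 20)
        (root / "new.dat").write_bytes(os.urandom(4096))  # stands in for ciphertext
        (root / "blob.bin").write_bytes(bytes([0, 1, 2, 255]) * 1000)
        return triage(root)
```

Files classed as plaintext or binary are the candidates to move to the separate folder before running the Encryption utility.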

Using Encryption Utility

You can encrypt or decrypt the files of a folder using the Encryption Utility. To encrypt or decrypt, you need to configure the encryption properties in the encryption-info.properties file.

To encrypt or decrypt a folder:

  1. Download Encryption utility.
  2. Extract the Encryption_Utility.zip file in the bin folder where Adeptia Suite is installed, for example, C:/Program Files/Adeptia Suite/AdeptiaSuite-x.x/bin/Encryption_utility.
  3. Open the extracted folder.
  4. Open encryption-info.properties file in any Text Editor.
  5. Provide the values for the following properties.

    | Property Name | Description |
    | --- | --- |
    | encryption.repository.path | Path of the folder to encrypt or decrypt. If you are using the utility in the Windows environment, separate the path by using either a backward slash "\\" (C:\\Smith\\Encrypt) or a forward slash "/" (C:/Smith/Encrypt). |
    | encryption.keystore.location | Keystore location. If you are using the utility in the Windows environment, separate the path by using either a backward slash "\\" (D:\\Encrypt\\keystore.jck) or a forward slash "/" (D:/Encrypt/keystore.jck). |
    | encryption.keystore.alias | Alias name for the Keystore. |
    | encryption.key.password | Password of the key used to encrypt. |
    | encryption.keystore.password | Password of the Keystore. |
    | encryption.excluded.file.pattern | Regex pattern to exclude files. You can define here the pattern of the files that you don't want to encrypt/decrypt. For example, in the screenshot below, as per the given pattern, the utility will not encrypt files in a format where there are numerical values of 30 characters on both sides of the exclamation sign. |

    [Screenshot: example value of encryption.excluded.file.pattern]


  6. Save the file.
  7. Go to the extracted folder. 
  8. For Windows, double-click encrypt.bat.
    For Linux, execute encrypt.sh on the Terminal.
    The utility starts running.
  9. To encrypt the folder, press 1.
    To decrypt the folder, press 2.

  10. The utility starts encrypting or decrypting the folder. The message "Encryption or Decryption has successfully completed" indicates successful encryption or decryption.

    Info
    You can view the details of the execution from the encryptionUtils.log file available at C:/Program Files/Adeptia Suite/AdeptiaSuite-x.x/bin/Encryption_utility. You can also find the reason for the failure of the execution from this file.
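
The table above asks for "\\" in Windows paths; the same doubling applies to backslashes in the exclusion regex. The following pre-flight check is an added example, not part of the utility: it assumes the file is read with Java's standard properties loader (which silently drops a single backslash), approximates Java regex with Python's `re`, and uses a 30-digit pattern constructed from the description above rather than the one in the screenshot. The names `unescape`, `parse` and `lint` are hypothetical.

```python
import re

# Property names as listed on this page.
EXPECTED = ("encryption.repository.path", "encryption.keystore.location",
            "encryption.keystore.alias", "encryption.key.password",
            "encryption.keystore.password", "encryption.excluded.file.pattern")
ESC = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def unescape(raw):
    """Approximate java.util.Properties unescaping (no \\uXXXX, no line continuation)."""
    # A backslash before any other character is dropped, as the Java loader does.
    return re.sub(r"\\(.)", lambda m: ESC.get(m.group(1), m.group(1)), raw)

def parse(text):
    """Return {key: raw value}; comment (# or !) and blank lines are skipped."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint(text):
    """Return a list of problems; password values are never echoed."""
    props = parse(text)
    problems = [f"{key}: missing" for key in EXPECTED if key not in props]
    for key, raw in props.items():
        if "\\" in raw.replace("\\\\", ""):  # a backslash that is not doubled
            shown = "<redacted>" if "password" in key else repr(unescape(raw))
            problems.append(f"{key}: single backslash, loads as {shown}")
    try:
        re.compile(unescape(props.get("encryption.excluded.file.pattern", "")))
    except re.error as exc:
        problems.append(f"encryption.excluded.file.pattern: invalid regex ({exc})")
    return problems

# Constructed sample: incomplete, with single backslashes in a path and in the regex.
SAMPLE = r"""
encryption.repository.path=C:\Smith\Encrypt
encryption.keystore.location=D:/Encrypt/keystore.jck
encryption.excluded.file.pattern=\d{30}!\d{30}
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

With a single backslash the pattern loads as `d{30}!d{30}`, which is still a valid regex but no longer matches digits, so files meant to be excluded would be processed.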