Process Flow logs are stored in the repository folder. For security reasons, you may want to secure your logs from unauthorized access. Adeptia facilitates you to secure your logs by encrypting the data at rest. With this feature, your logs get stored in the encrypted form.To encrypt, you need to configure the following:
- Create Keystore using Keytool
- Configure Keystore in Adeptia Suite
Creating Keystore using Keytool
- Open Command Prompt (press Win + R and type cmd).
- Go to the directory where JRE is installed (for example, C:/Program Files/Java/jre8/bin).
Run the following Keytool command to create a Keystore.
keytool -genseckey -keystore <Keystore_path> -storetype jceks -storepass <Keystore_password> -keyalg AES -keysize 256 -alias <alias_name> -keypass <Key_password>
where,
genseckey is the Generate SecretKey. This is the flag indicating the creation of a synchronous key which will become AES key.keystore is the location of the Keystore. If the Keystore does not exist, the tool will create a new store.
storetype is the type of store (JCE, PK12, JCEKS, etc). JCEKS is used to store symmetric keys (AES) not contained within a certificate.
storepass is the password related to the Keystore.
keyalg is the algorithm used to create the key (AES/DES/etc).
keysize is the size of the key.
alias is the name given to the newly created key in which to reference when using the key.
keypass is the password protecting the use of the key.
Exit from the Command Prompt.
Configuring Keystore in Adeptia Suite
- Login to Adeptia Suite.
- Go to Administer > Setup > Application Settings > Update System Properties.
- Expand Systems > Data Encryption at REST.
Set the value in the below parameters:
Property Name Description abpm.security.data.encryption.rest.enable To enable or disable REST. abpm.security.data.encryption.rest.keystoreLocation Location of the Keystore that will be used for data encryption. abpm.security.data.encryption.rest.alias Alias name for the key. abpm.security.data.encryption.rest.keystorePasword Keystore password abpm.security.data.encryption.rest.keyPassword Key password - Click Save to save the changes.
- Click Reload Configuration to reflect the changes.
If you want to encrypt the existing records (in plain text) present in the Process Flow repository, copy the records in a separate folder. Encrypt the folder using the Encryption Utility. After the records are encrypted successfully, copy the encrypted folder in the Process Flow repository folder.
Using Encryption Utility
You can encrypt or decrypt the files of a folder using Encryption Utility. To encrypt, you need to configure the encryption properties in the encryption-info.properties file.
To encrypt a folder,
- Extract the Encryption_Utility.zip file in the bin folder where Adeptia Suite is installed, for example, C:/Program Files/Adeptia Suite SQL/AdeptiaSuite-6.6/bin.
- Open the extracted folder.
- Open encryption-info.properties file in any Text Editor.
Provide the values for the following properties.
Property NameDescriptionencryption.repository.path Path of the folder to encrypt. encryption.keystore.location Keystore location. encryption.keystore.alias Alias name for the Keystore. encryption.key.password Password of the key used to encrypt. encryption.keystore.password Password of the Keystore. - Save the file.
- Go to the extracted folder.
- For Windows, double-click encrypt.bat.
For Linux, double-click encrypt.sh. - To encrypt the folder, press 1.
- The batch file starts encrypting the folder. A message appears "File encrypted successfully" indicates successful encryption.