Encryption of the Data at Rest

Process Flow logs are stored in the repository folder. For security reasons, you may want to secure your logs from unauthorized access. Adeptia facilitates you to secure your logs by encrypting the data at rest. With this feature, your logs get stored in the encrypted form. You need to encrypt the logs to secure, to encrypt do the following:

Create Keystore using Keytool
Configure Keystore in Adeptia Suite

Creating Keystore using Keytool

Open Command Prompt (press Win + R and type cmd).
Go to the directory where JRE is installed (for example, C:/Program Files/Java/jre8/bin).
Run the following Keytool command to create a Keystore.
```
keytool -genseckey -keystore <Keystore_path> -storetype jceks -storepass <Keystore_password> -keyalg AES -keysize 256 -alias <alias_name> -keypass <Key_password>
```
where,
genseckey is the Generate SecretKey. This is the flag indicating the creation of a synchronous key which will become AES key.
keystore is the location of the Keystore. If the Keystore does not exist, the tool will create a new store.
storetype is the type of store (JCE, PK12, JCEKS, etc). JCEKS is used to store symmetric keys (AES) not contained within a certificate.
storepass is the password related to the Keystore.
keyalg is the algorithm used to create the key (AES/DES/etc).
keysize is the size of the key.
alias is the name given to the newly created key in which to reference when using the key.
keypass is the password protecting the use of the key.
Exit from the Command Prompt.

Configuring Keystore in Adeptia Suite

Login to Adeptia Suite.
Go to Administer > Setup > Application Settings > Update System Properties.
Expand Systems > Data Encryption at REST.

Set the value in the below parameters:

Property Name	Description
abpm.security.data.encryption.rest.enable	To enable or disable REST.
abpm.security.data.encryption.rest.keystoreLocation	Location of the Keystore that will be used for data encryption.
abpm.security.data.encryption.rest.alias	Alias name for the key.
abpm.security.data.encryption.rest.keystorePasword	Keystore password
abpm.security.data.encryption.rest.keyPassword	Key password

Click Save to save the changes.
Click Reload Configuration to reflect the changes.

If you want to encrypt the existing records (in plain text) present in the Process Flow repository, copy the records in a separate folder. Encrypt the folder using the Encryption Utility. After the records are encrypted successfully, copy the encrypted folder in the Process Flow repository folder.

Using Encryption Utility

You can encrypt or decrypt the files of a folder using Encryption Utility. To encrypt, you need to configure the encryption properties in the encryption-info.properties file.

To encrypt a folder,

Extract the Encryption_Utility.zip file in the bin folder where Adeptia Suite is installed, for example, C:/Program Files/Adeptia Suite SQL/AdeptiaSuite-6.6/bin.
Open the extracted folder.
Open encryption-info.properties file in any Text Editor.

Provide the values for the following properties.

Proeprty Name	Description
encryption.repository.path	Path of the folder to encrypt.
encryption.keystore.location	Keystore location.
encryption.keystore.alias	Alias name for the Keystore.
encryption.key.password	Password of the key used to encrypt.
encryption.keystore.password	Password of the Keystore.

Save the file.
Go to the extracted folder.
For Windows, double-click encrypt.bat.
For Linux, double-click encrypt.sh.
To encrypt the folder, press 1.
The batch file starts encrypting the folder. A message appears "File encrypted successfully" indicates successful encryption.