Process Flow logs are stored in the repository folder. For security reasons, you may want to secure your logs from an unauthorized access. Adeptia facilitates you to secure your logs by encrypting the data at rest. With this feature, your logs get stored in an encrypted form.
To encrypt the data, you need to configure the following:
- Create Keystore using Keytool
- Configure Keystore in Adeptia Suite
Creating Keystore using Keytool
- Open Command Prompt (press Win + R and type cmd).
- Go to the directory where JRE is installed (for example, C:/Program Files/Java/jre8/bin).
Run the following Keytool command to create a Keystore.
keytool -genseckey -keystore <Keystore_path> -storetype jceks -storepass <Keystore_password> -keyalg AES -keysize 256 -alias <alias_name> -keypass <Key_password>
where,
genseckey is the Generate SecretKey. This is the flag indicating the creation of a synchronous key which will become AES key.keystore is the location of the Keystore. If the Keystore does not exist, the tool will create a new store.
storetype is the type of store (JCE, PK12, JCEKS, etc). JCEKS is used to store symmetric keys (AES) not contained within a certificate.
storepass is the password related to the Keystore.
keyalg is the algorithm used to create the key (AES/DES/etc).
keysize is the size of the key.
alias is the name given to the newly created key in which to reference when using the key.
keypass is the password protecting the use of the key.
Exit from the Command Prompt.
Configuring Keystore in Adeptia Suite
- Login to Adeptia Suite.
- Go to Administer > Setup > Application Settings > Update System Properties.
- Expand Systems > Data Encryption at REST.
Set the value in the below parameters:
Property Name Description abpm.security.data.encryption.rest.enable To enable or disable REST. abpm.security.data.encryption.rest.keystoreLocation Location of the Keystore that will be used for data encryption. abpm.security.data.encryption.rest.alias Alias name for the key. abpm.security.data.encryption.rest.keystorePasword Keystore password abpm.security.data.encryption.rest.keyPassword Key password - Click Save to save the changes.
- Click Reload Configuration to reflect the changes.
If you want to encrypt the existing records present in the Process Flow repository (in plain text) then do the following:
- Copy all the records in a separate folder.
- Encrypt the folder using the Encryption Utility.
- After the records are encrypted successfully, copy the records of the encrypted folder in the Process Flow repository folder.
Using Encryption Utility
You can encrypt or decrypt the files of a folder using Encryption Utility. To encrypt or decrypt, you need to configure the encryption properties in the encryption-info.properties file.
To encrypt or decrypt a folder,
- Extract the Encryption_Utility.zip file in the bin folder where Adeptia Suite is installed, for example, C:/Program Files/Adeptia Suite SQL/AdeptiaSuite-6.6/bin.
- Open the extracted folder.
- Open encryption-info.properties file in any Text Editor.
Provide the values for the following properties.
Property NameDescriptionencryption.repository.path Path of the folder to encrypt or decrypt. If you are using the utility in the Windows environment, separate the path by either using backward slash "\\" (C:\\Users\\Smith\\Desktop\\encrypt) or forward slash "/" (C:/Users/Smith/Desktop/encrypt). encryption.keystore.location Keystore location. If you are using the utility in the Windows environment, it is recommended to use \\ in the path. encryption.keystore.alias Alias name for the Keystore. encryption.key.password Password of the key. encryption.keystore.password Password of the Keystore. - Save the file.
- Go to the extracted folder.
- For Windows, double-click encrypt.bat.
For Linux, execute encrypt.sh on the Terminal.
The utility starts running. - To encrypt the folder, press 1.
To decrypt the folder, press 2. - The utility starts encrypting or decrypting the folder. A message appears "Folder encrypted or decrypted successfully" indicates successful encryption.