Passwords, mostly configured in Metadata by users, are encrypted to not appear in clear in the delivery files or in the logs for instance.
The key used by a Stambia DI Runtime to encrypt or decrypt passwords can be customized in configuration files.
This article demonstrates how to configure the Stambia DI Runtime to change it.
- Stambia DI Runtime S17.5.7 or higher
At the moment the key can be changed in Stambia DI Runtime only.
Stambia DI Designer and Stambia DI Production Analytics does not support yet generating deliveries using a custom key.
When the password cyphering key is changed in the Stambia DI Runtime, you must produce your deliveries using the builddelivery.bat / builddelivery.sh scripts.
The idea is to generate the package from the Stambia Di Designer, extract the configuration with the builddelivery.bat / builddelivery.sh scripts, specify the newly encrypted password in, and build the delivery with this configuration.
To generate the newly encrypted password, connect to the Stambia DI Runtime and use the "encrypt" command (see the reference documentation for further information about using commands in the Stambia DI Runtime.)
About the keys
The custom key that will be used to replace the default one must be placed inside a Java keystore. This key must be generated as following:
keytool -genkey -alias <dummykey> -keystore "<path to keystore>/<keystore file name>.jks"
The keystore must then be specified in the Stambia DI Runtime as explained in the following article.
Changing the key for password cyphering will then be as simple as defining which of the specified key should be used for that.
When the keystores are defined, simply uncomment the following parameter to customize the key used for password cyphering.
The value should correspond to the "name" of a key defined under a keystore node.
<parameter name="passwordCipheringKeyName" value="runtimekey"/>
Example of corresponding keystore configuration:
<keystore path="D:/keystores/keystore.jks" password="password" type="JKS">
<key name="runtimekey" alias="key01" password="password"/>