Learn how best to set up Datameer to use password encryption. Using this setup, passwords to a database or the admin password for Datameer itself are encrypted in the
default.properties files. If you are using multiple property files, make sure that these passwords are only set in the overriding file. By default the following passwords are saved as plain text:
This guide shows you how to encrypt the above passwords using Keyczar and set up Datameer to use these encrypted values.
The following requirements need to be met to use password encryption with Datameer.
- Datameer v5.4 or above
plugin-crypto-keyczar-<datameerVersion>.zipplug-in (can be obtained from Datameer services representatives)
- Path name to a directory where the
keystorefile is saved
- The JAVA_HOME environment variable needs to point to the same JAVA where Datameer loads
Before making changes to the Datameer server, stop the Datameer application using the following command:
live.propertiesfile related to your installation, change the property
The encryption of properties in Datameer is disabled per default. Datameer provides two implementations out of the box.
noop(No operation, passes values directly through)
keyczar(uses the Keyczar library to encrypt/decrypt values)
live.propertiesfile related to your installation, set the property
keyczar.key.file=. This is a path to the directory where the file lives.
Copy the plug-in
keystorefile. Note that the
keystoredirectory needs to already exist before this step can be taken. Also the keystore file is named
Create and add a new key file (if it doesn't already exist).
Create encrypted passwords using the
crypt.shscript (found under
<datameerApplciationFolder>/bin/crypt.sh) and copy these encrypted passwords into the
live.propertiesfiles used for your installation.
After copying all encrypted passwords into the
*.propertiesfiles, restart the Datameer application.
When doing encryption/decryption, Datameer uses AES as an algorithm. No alternative algorithms are currently supported. By default, the keys are 128 bits. 192 and 256 bit keys are also supported when the Java Cryptography Extension (JCE) Unlimited Strength file is installed.
The following command creates a key using AES with 128 bits:
The following command creates a key using AES with 256 bits:
When using a custom size an exception might occur:
To fix this, make sure the unlimited strength file is installed.
The following files are required:
- Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6
- Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7
These files must be installed under