CloudPortal Business Manager 1.x

Configuration of CPBM 1.4 - Cloud Portal Encryption Key

Hey all,

I set up Cloud Platform 3.0.5 with the option "cloud-setup-databases" and I use the option for Management server key and for database key.

When I use the install script of CPBM 1.4.4 to configure CPBM, there is a point in the setup which is called

"Provide CloudPortal Security Settings"
----------------------------------------------------------------------------------------
Cloud Portal Encryption Key [AlphaMango654321]:

So my question is, what is this key used for? Must this be the same key as I used for the CCP setup as database key?

The documentation says nothing about the key and what it is used for...

Thank you and Best Regards


Marcel Keller MEMBERS

Hi Marcel,

Yes, the details on the use of the key are not documented. A short note is described in the System overview as follows:

"Encryption is applied to all sensitive data in the CloudPortal Business Manager databases such as Email addresses and passwords. These values are encrypted using Advanced Encryption Standard standard AES-128."
----

CPBM uses this key to encrypt all sensitive data in cloud portal databases.

This key can be different than the key you use for CloudPlatform.


Madan Ganesh Velayudham CITRIX EMPLOYEES

Hey Madang,

thank you for the fast reply.

OK, I understand. But at what time is the key set on the database?

When I configure the first CPBM node, I set the key; on the second node, I provide the same key which I set on the first node, is this right?

Another point is, the passwords in the cloud.properties files are still written in cleartext... Is there a way to encrypt them?


Marcel Keller MEMBERS

That's a valid question. Please use the same key across nodes, as the DB will be shared across nodes. It is essential that the CPBM process (running on a different node) can decrypt the DB with the same key.

It is true that current versions do not support encrypted passwords in cloud.properties.


Madan Ganesh Velayudham CITRIX EMPLOYEES

Actually, that's not true. We do support password encryption in property files. It's not enabled by default or supported in the install yet, though.

To encrypt passwords, you can use the Jasypt CLI to generate the encrypted password and set it, e.g.:

profile.jdbc.password=ENC(G6N718UuyPE5bHyWKyuLQSm02auQPUtm)

and then start the server with the encryption key set as an inline environment variable.

We will post more detailed instructions shortly.


Vijaykumar Natarajan CITRIX EMPLOYEES

Hi Marcel,

Properties in the cloud.properties can be encrypted using the Jasypt CLI (http://www.jasypt.org/cli.html).
Please follow the below steps to encrypt the property values:
1. Encrypt the value using the Jasypt CLI, example: ./encrypt.sh input="property_value" password="AlphaMango654321". This will return the encrypted value similar to "hTlRbHnkL2+4Kbzv7aPiuw=="
2. Update the value of the property with the encrypted value, example: property=ENC(hTlRbHnkL2+4Kbzv7aPiuw==)
3. Save the encryption password in the environment variable PORTAL_SECRET on the CPBM server, example: export PORTAL_SECRET=AlphaMango654321
4. Restart the CPBM server.

Thanks,
Manish

Edited by: Manish Agarwal on Nov 27, 2012 1:22 PM


Manish Agarwal CITRIX EMPLOYEES
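
A check that can follow the four steps above, as an added example that is not part of the original thread or of CPBM: it lists password properties that are not wrapped in ENC(...) and flags a PORTAL_SECRET that is unset or still equal to the key shown in the installer prompt. The sample file contents and the `sample.*` property names are constructed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not CPBM code): find password properties left in cleartext.

# Key the installer prompt quoted in this thread offers in brackets.
INSTALLER_PROMPT_KEY='AlphaMango654321'

# Constructed sample file; only profile.jdbc.password appears in the thread.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real cloud.properties
profile.jdbc.username=cpbm
profile.jdbc.password=ENC(G6N718UuyPE5bHyWKyuLQSm02auQPUtm)
sample.smtp.password=changeme
sample.empty.password=
EOF
}

# Print each *password* key whose value is not wrapped in ENC(...).
# Exit status 1 if any is found, 0 otherwise. Handles key=value lines only.
find_cleartext_passwords() {
    awk '
        /^[ \t]*[#!]/ || !/=/ { next }            # comments, non-assignments
        {
            i = index($0, "=")
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) !~ /password/) next   # not a password property
            if (val == "" || val ~ /^ENC\(.+\)$/) next
            print key; found = 1
        }
        END { if (found) exit 1 }
    ' "$1"
}

# True only if PORTAL_SECRET is set and is not the key from the prompt.
portal_secret_ok() {
    [ -n "${PORTAL_SECRET:-}" ] && [ "$PORTAL_SECRET" != "$INSTALLER_PROMPT_KEY" ]
}

# Demo on the constructed sample.
f=$(mktemp)
write_sample "$f"
if ! leaks=$(find_cleartext_passwords "$f"); then
    echo "cleartext password properties: $leaks"
fi
portal_secret_ok || echo "PORTAL_SECRET is unset or equals the installer prompt key"
rm -f "$f"
```

To audit a real installation, call `find_cleartext_passwords` with the path to its cloud.properties in place of the sample file.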

Hey Manish, Hey Vijay,

Works like a charm!

Thank you very much!


Marcel Keller MEMBERS