Two encryption keys are now used by Talend Studio, Talend Administration Center and Talend components to encrypt passwords.
system.encryption.key
: for encrypting properties and nexus passwords.routine.encryption.key
: for encrypting passwords of generated Jobs.
The default values of these two keys system.encryption.key.v1 and routine.encryption.key.v1 are stored in the encryption key configuration file /configuration/studio.keys, which is created under the installation directory of your Talend Studio after you run the Talend Studio executable file Talend-Studio-linux-gtk-x86_64 for the first time. Below is an example of the newly created studio.keys file.
system.encryption.key.v1=ObIr3Je6QcJuxJEwErWaFWIxBzEjxIlBrtCPilSByJI\=
routine.encryption.key.v1=YBoRMn8gwD1Kt3CcowOiGeoxRbC2eNNVm7Id6vA3hrk\=
Talend allows you to modify only
once the default system encryption key value before you log on to a project by removing
its default value and restarting Talend Studio, ObIr3Je6QcJuxJEwErWaFWIxBzEjxIlBrtCPilSByJI\=
in
above example. The default routine encryption key value cannot be modified. If you have
already logged on to a project, Talend allows you to rotate an encryption key by adding a new version of
the key in the encryption key configuration file.
- The new version of the system encryption key will take effect for a Job only after you modify and save the Job.
- Since a Job runs in a single JVM, after rotating the routine encryption key for Talend Studio, you also need to update the JVM for all Jobs.