Configuring MDM encryption key - 8.0

Talend Installation Guide for Linux

Available in: Data Fabric, MDM Platform

Talend MDM uses a base64-encoded encryption key to encrypt all passwords in

  • the mdm.conf and datasources.xml configuration files located in <MDM_ROOT>/conf, and
  • the data-authoring-gateway.properties and data-authoring-proxy.properties configuration files located in <MDM_ROOT>/apache-tomcat/conf for Talend Data Authoring for MDM.

By default, the encryption key is auto-generated and saved as the value of the mdm.encryption.key property in the <MDM_ROOT>/apache-tomcat/conf/aeskey.dat file when you start your MDM server for the first time.

Talend MDM allows you to modify the encryption key in either of the following two ways:

  • updating the value of the mdm.encryption.key property in the <MDM_ROOT>/apache-tomcat/conf/aeskey.dat file, or
  • adding a system property encryption.keys.file to use an encryption key in another properties file.

Pay attention to the following for the MDM encryption key:

  • After the MDM encryption key for a Talend MDM instance is generated or modified, that key must be used by all the Talend Studio clients interacting with the MDM instance.
  • You can create connections to as many MDM servers as needed in your Talend Studio. The MDM encryption key in Talend Studio must be the same as the key in the MDM server interacting with Talend Studio. To ensure this consistency, you can update the MDM encryption key for Talend Studio based on the MDM instance interacting with Talend Studio and restart Talend Studio.

About this task

The following procedure shows you how to configure the MDM encryption key.

Procedure

  1. If the passwords in the mdm.conf and datasources.xml configuration files have already been encrypted, replace them with plain text.
  2. If you are using Talend Data Authoring for MDM and if the passwords in the data-authoring-gateway.properties and data-authoring-proxy.properties configuration files have already been encrypted, replace them with plain text.
  3. Generate your new encryption key using a base64 encode tool, for example, https://www.base64encode.org.
    Warning: The length of the input string must be 16 or 32.
  4. To configure the MDM encryption key for a Talend MDM instance:
    1. To use the encryption key in the <MDM_ROOT>/apache-tomcat/conf/aeskey.dat file, set the value of the mdm.encryption.key property in the file to the new base64-encoded encryption key and save your changes.
      mdm.encryption.key=<base64_encoded_encryption_key>

      where <base64_encoded_encryption_key> is the new encryption key generated in the base64 encode tool.

    2. To use the encryption key in another properties file, add the mdm.encryption.key property in the file and set the new base64-encoded encryption key as its value, then add the following system property in the <MDM_ROOT>/apache-tomcat/bin/catalina.sh file:
      JAVA_OPTS="$JAVA_OPTS -Dencryption.keys.file=<key_file_path>"

      where <key_file_path> is the path to the properties file, for example, /home/mdm-encryption-key/mdmkey.dat.

      Note that if the encryption key is defined in both the aeskey.dat file and your own properties file, the encryption key in your own properties file takes priority.

    3. Restart your MDM server.
      The passwords in the mdm.conf and datasources.xml configuration files will be encrypted with the new encryption key.
      Note:
      • The encrypted passwords might be different even if their plain text versions are the same.
      • The passwords are re-encrypted every time your MDM server is restarted.
  5. If needed, repeat the previous step to configure the MDM encryption key for other Talend MDM instances.
  6. To configure the MDM encryption key for a Talend Studio client:
    1. Open the /configuration/studio.keys file under your Talend Studio installation directory.
    2. Add the mdm.encryption.key property or modify its value if it already exists.
    3. Restart your Talend Studio.
  7. If needed, repeat the previous step to configure the MDM encryption key for other Talend Studio clients.
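
Step 3 can also be done on the MDM host itself, so the key is never typed into a third-party website, and the key file from step 4.2 can be created readable by its owner only. The script below is an added example, not part of the Talend documentation; it assumes that any printable 16- or 32-character input string satisfies the warning in step 3, and the function names and the script name genkey.sh are illustrative.

```bash
#!/bin/sh
# Added example (not Talend code): create an MDM encryption key offline.
# Assumption: any printable 16- or 32-character input string is acceptable,
# which is all the warning in step 3 specifies.

# gen_mdm_key LEN: print the base64 encoding of a random LEN-character string.
gen_mdm_key() {
    case "$1" in
        16|32) ;;
        *) echo "input length must be 16 or 32" >&2; return 1 ;;
    esac
    # LEN*3/4 random bytes base64-encode to exactly LEN printable characters
    # (12 bytes -> 16 chars, 24 bytes -> 32 chars, no padding).
    _raw=$(head -c $(( $1 * 3 / 4 )) /dev/urandom | base64 | tr -d '\n')
    # Second encoding step: this is the value for mdm.encryption.key.
    printf '%s' "$_raw" | base64 | tr -d '\n'
}

# check_mdm_key KEY: succeed only if KEY decodes to 16 or 32 bytes.
check_mdm_key() {
    _n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    [ "$_n" -eq 16 ] || [ "$_n" -eq 32 ]
}

# write_key_file PATH KEY: write the property to a file only the owner can read.
write_key_file() (
    umask 077                      # applies when the file is newly created
    printf 'mdm.encryption.key=%s\n' "$2" > "$1"
    chmod 600 "$1"                 # tighten a pre-existing file as well
)

# Direct use: sh genkey.sh 32 /home/mdm-encryption-key/mdmkey.dat
if [ "$#" -eq 2 ]; then
    key=$(gen_mdm_key "$1") && check_mdm_key "$key" && write_key_file "$2" "$key"
fi
```

Run the script as the account that runs the MDM server so that the resulting file remains readable by Tomcat; check_mdm_key can also be used to validate a key that was produced some other way before restarting the server.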