Setting the custom key for encryption - 8.0

Talend Real-Time Big Data Platform Installation Guide for Linux

Version: 8.0
Language: English (United States)
In the <tomcat_path>\WEB-INF\classes\configuration.properties file, the master.key parameter is mandatory for encoding and decoding all sensitive information. If this parameter is missing, Talend Administration Center cannot work properly.

After the installation of Talend Administration Center, it is mandatory to rotate the master key. To do so:

  1. In the Database Configuration page of Talend Administration Center, click Change master key.
  2. Enter any text (there is no limitation on the text) in the Change master key field and click Launch Key Rotation.
    The new master key is hashed with SHA256, encoded in base256 and saved in <tomcat_path>\WEB-INF\classes\configuration.properties. A property recording when this master key was last used is also added. For example:
    master.key.2020-08-19-17-40=âjhiàkjjiinioliâknqãolmßqppãllkß
    master.key.2020-08-19-17-40_LastUsed=2020-08-19
    2020-08-19-17-40 is the identifier of the new master key. It contains the master key creation time, which serves only to show which master key is the latest.

    Re-encryption of sensitive data then starts, and the execution of the master key rotation is logged in accordance with the logging configuration. For more information, see Setting up the Logging parameters in Talend Administration Center User Guide.

    You can clean unused master keys manually, or configure the automatic cleaner in the database by setting master.key.cleaner to a positive number. By default, the automatic master key cleaner is disabled. The value of master.key.cleaner is the number of days a master key must be unused before it is cleaned. The latest master key is never deleted.

    Warning:

    master.key.*** properties cannot be changed or added directly in <tomcat_path>\WEB-INF\classes\configuration.properties. You can only delete unused ones.

    If you have the same master.key.*** name, you need to perform the rotation on one of the databases and delete the old master keys.

If your Talend Administration Center is in cluster mode, proceed as follows to rotate the master key:

  1. Stop all Talend Administration Center nodes in the cluster except the one where master key rotation will be executed.
  2. Start the master key rotation in the Database Configuration page.
  3. Copy the new master key master.key.YYYY-MM-dd-HH-ss that is generated in the <tomcat_path>\WEB-INF\classes\configuration.properties file to the configuration.properties of all Talend Administration Center nodes.
  4. Start the Talend Administration Center nodes that have been stopped.
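
The following read-only audit is an added example, not Talend code. It parses the master.key.* entries described above, lists keys that would qualify for cleanup after a given number of unused days, and checks that every cluster node holds the same latest key. The function names, the placeholder key values, and the "last used before the cutoff date" comparison are assumptions made for illustration.

```python
import re
from datetime import date, timedelta

# Constructed sample; the key values are placeholders, not real master keys.
SAMPLE = """\
master.key.2020-05-02-09-15=PLACEHOLDER_OLD
master.key.2020-05-02-09-15_LastUsed=2020-05-03
master.key.2020-08-19-17-40=PLACEHOLDER_NEW
master.key.2020-08-19-17-40_LastUsed=2020-08-19
master.key.cleaner=30
"""

# Identifier shape taken from the page's example (2020-08-19-17-40).
KEY_RE = re.compile(r"^master\.key\.(\d{4}(?:-\d{2}){4})(_LastUsed)?=(.*)$")

def parse_master_keys(text):
    """Return {identifier: {"value": str|None, "last_used": date|None}}."""
    keys = {}
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if not m:
            continue  # other properties, including master.key.cleaner
        ident, is_last_used, value = m.groups()
        entry = keys.setdefault(ident, {"value": None, "last_used": None})
        if is_last_used:
            entry["last_used"] = date.fromisoformat(value.strip())
        else:
            entry["value"] = value
    return keys

def latest_id(keys):
    # Assumes zero-padded timestamps, so string order equals time order.
    return max(keys) if keys else None

def cleanup_candidates(keys, unused_days, today):
    """Keys last used before the cutoff; the latest key is never listed."""
    cutoff = today - timedelta(days=unused_days)
    newest = latest_id(keys)
    return sorted(i for i, k in keys.items()
                  if i != newest and k["last_used"] and k["last_used"] < cutoff)

def nodes_in_sync(node_texts):
    """True if every node's file holds the same latest key id and value."""
    seen = set()
    for text in node_texts:
        keys = parse_master_keys(text)
        newest = latest_id(keys)
        seen.add((newest, keys[newest]["value"] if newest else None))
    return len(seen) == 1
```

Keys without a _LastUsed property are never listed as candidates, so an entry whose usage is unknown is left for manual review.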