Talend MDM uses a base64-encoded encryption key to encrypt all passwords in:
- the mdm.conf and datasources.xml configuration files located in <MDM_ROOT>\conf, and
- the data-authoring-gateway.properties and data-authoring-proxy.properties configuration files located in <MDM_ROOT>/apache-tomcat/conf for Talend Data Authoring for MDM.
By default, the encryption key is auto-generated and saved as the value of the mdm.encryption.key property in the <MDM_ROOT>\apache-tomcat\conf\aeskey.dat file when you start your MDM server for the first time.
Talend MDM allows you to modify the encryption key in either of the following two ways:
- updating the value of the mdm.encryption.key property in the <MDM_ROOT>\apache-tomcat\conf\aeskey.dat file, or
- adding a system property encryption.keys.file to use an encryption key in another properties file.
Pay attention to the following for the MDM encryption key:
- After the MDM encryption key for a Talend MDM instance is generated or modified, the MDM encryption key must be used for all the Talend Studio clients interacting with the MDM instance.
- You can create connections to as many MDM servers as needed in Talend Studio. The MDM encryption key in Talend Studio must be the same as the key in the MDM server interacting with Talend Studio. To ensure this consistency, you can update the MDM encryption key for Talend Studio based on the MDM instance interacting with Talend Studio and restart Talend Studio.
About this task
The following procedure shows you how to configure the MDM encryption key.
Procedure
- If the passwords in the mdm.conf and datasources.xml configuration files have already been encrypted, replace them with plain text.
- If you are using Talend Data Authoring for MDM and if the passwords in the data-authoring-gateway.properties and data-authoring-proxy.properties configuration files have already been encrypted, replace them with plain text.
- Generate your new encryption key using a base64 encode tool, for example, https://www.base64encode.org.
  Warning: The length of the input string must be 16 or 32.
- To configure the MDM encryption key for a Talend MDM instance:
  - To use the encryption key in the <MDM_ROOT>\apache-tomcat\conf\aeskey.dat file, set the value of the mdm.encryption.key property in the file to the new base64-encoded encryption key and save your changes.
      mdm.encryption.key=<base64_encoded_encryption_key>
    where <base64_encoded_encryption_key> is the new encryption key generated in the base64 encode tool.
  - To use the encryption key in another properties file, add the mdm.encryption.key property in the file and set the new base64-encoded encryption key as its value, then add the following system property in the <MDM_ROOT>\apache-tomcat\bin\catalina.bat file:
      set "JAVA_OPTS=%JAVA_OPTS% -Dencryption.keys.file=<key_file_path>"
    where <key_file_path> is the path to the properties file, for example, D:\mdm-encryption-key\mdmkey.dat.
  - Restart your MDM server.
    The passwords in the mdm.conf and datasources.xml configuration files will be encrypted with the new encryption key.
    Note:
    - The encrypted passwords might be different even if their plain text versions are the same.
    - The passwords are re-encrypted every time your MDM server is restarted.
- If needed, repeat the previous step to configure the MDM encryption key for other Talend MDM instances.
- To configure the MDM encryption key for a Talend Studio client:
  - Open the \configuration\studio.keys file under the Talend Studio installation directory.
  - Add the mdm.encryption.key property or modify its value if it already exists.
  - Restart Talend Studio.
- If needed, repeat the previous step to configure the MDM encryption key for other Talend Studio clients.
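
As an added example (not part of the Talend documentation), the Python code below performs the key-generation step locally with a CSPRNG, so the key never leaves the machine, then checks that an mdm.encryption.key value decodes to 16 or 32 bytes and that the server file and studio.keys carry the same key. The function names and the ASCII alphanumeric input alphabet are assumptions of this example.

```python
import base64
import secrets
import string

PROPERTY = "mdm.encryption.key"
VALID_LENGTHS = (16, 32)  # input-string lengths the procedure allows
ALPHABET = string.ascii_letters + string.digits  # assumption: ASCII-only input


def generate_key(length: int = 32) -> str:
    """Return a base64-encoded key built from a random ASCII string."""
    if length not in VALID_LENGTHS:
        raise ValueError("input string length must be 16 or 32")
    raw = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return base64.b64encode(raw.encode("ascii")).decode("ascii")


def read_key(properties_text: str) -> str:
    """Extract the mdm.encryption.key value from properties-file text."""
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        # Split on the first '=' only: base64 padding also uses '='.
        name, sep, value = line.partition("=")
        if sep and name.strip() == PROPERTY:
            return value.strip()
    raise KeyError(f"{PROPERTY} not found")


def check_key(encoded: str) -> int:
    """Decode the key and return its length; raise if it is not 16 or 32."""
    decoded = base64.b64decode(encoded, validate=True)
    if len(decoded) not in VALID_LENGTHS:
        raise ValueError(f"decoded key is {len(decoded)} bytes, expected 16 or 32")
    return len(decoded)


def keys_match(server_text: str, studio_text: str) -> bool:
    """True when the server key file and studio.keys carry the same key."""
    return secrets.compare_digest(read_key(server_text), read_key(studio_text))


if __name__ == "__main__":
    key = generate_key(32)
    line = f"{PROPERTY}={key}"
    print(line)  # paste this line into aeskey.dat and studio.keys
    print("decoded length:", check_key(read_key(line)))
```

Pass the contents of aeskey.dat (or the file named by encryption.keys.file) and studio.keys to keys_match to confirm both sides agree before restarting.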