The platform uses a keyfile to encrypt and decrypt the usernames and passwords that it uses to connect to your relational or Hive datastores. This keyfile provides an extra layer of security through symmetric encryption.

NOTE: You must create and deploy this keyfile in order to create and use relational or Hive connections.

Credentials are encrypted using the AES-128-CBC algorithm.

Requirements for the keyfile:

  • This file is a plain text file stored within the platform.
  • This file must be deployed before any database connection is created.
  • This file must contain a text string that is the key to use. 
  • The text string can be any string. It should be randomized and not easy to guess.
  • After creation, this file cannot be modified.
  • This file is shared for all JDBC connections. It does not need to be shared with any database server.

Warning

You, the customer, are responsible for the security of this file. It should be secured such that 1) only the root user has read/write access and 2) the platform user has read-only access. After the file has been created, it cannot be modified. If it needs to be moved, use the steps below to indicate its new location for the platform.

You must store this file within the deployment and reference it through the platform configuration.

  1. Locate the following configuration. Specify the path to the keyfile relative to the top-level deployment location. Include the filename:

    "encryption.keyFile": "/opt/trifacta/conf/.key/customerKey",
  2. Save your changes. 

A platform restart is required.
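
The keyfile requirements and permissions described above, expressed as a shell function. This is an added example, not vendor tooling. The `create_keyfile` name and its group argument are assumptions: the group is expected to contain only the platform's service user. Run it as root so that root owns the resulting file.

```shell
#!/bin/sh
# Added example (not vendor code): create the credential keyfile exactly once,
# with a random key string and restrictive permissions.
#
# Usage (as root): create_keyfile /opt/trifacta/conf/.key/customerKey GROUP
#   GROUP is an assumption: a group whose only member is the platform user.
#   Without GROUP the file stays readable by its owner only (mode 600).

create_keyfile() {
    keyfile=$1
    group=${2:-}

    # The page states the file cannot be modified after creation,
    # so an existing keyfile is never overwritten.
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite existing keyfile: $keyfile" >&2
        return 1
    fi

    mkdir -p "$(dirname "$keyfile")" || return 1

    # 32 bytes from the kernel CSPRNG, hex-encoded into a 64-character string.
    key=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "${#key}" -eq 64 ] || { echo "could not read random bytes" >&2; return 1; }

    # umask 077: the file is never readable by group or others, even briefly.
    # set -C (noclobber): the write fails if the file appeared in the meantime.
    # No trailing newline, so the file holds exactly the key string.
    ( umask 077; set -C; printf '%s' "$key" > "$keyfile" ) || return 1

    if [ -n "$group" ]; then
        # Owner (root when run as root) keeps read/write; the group is read-only.
        chgrp "$group" "$keyfile" || return 1
        chmod 640 "$keyfile" || return 1
    else
        chmod 600 "$keyfile" || return 1
    fi
}
```

A second call on the same path returns non-zero and leaves the existing key untouched, which matters because credentials already encrypted with that key would otherwise become unreadable.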