Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 J de Koning (Jeroend3)
Rabobank Nederland

Rabobank Nederland
NL
Jeroend3 Member since 2014 4 posts
Rabobank Nederland
Posted: Apr 26, 2017
Last activity: May 8, 2017
Posted: 26 Apr 2017 10:10 EDT
Last activity: 8 May 2017 10:19 EDT
Closed
Solved

Encryption of passwords used by prpcUtils (i.e. not in prconfig.xml and prbootstrap.properties)

We are trying to encrypt our JDBC passwords by creating a Keyring, as described in the Pega SAS course material (and various PDN pages).

While doing so we realized that prpcUtils.sh (Import and ExportRAP) as well as migrate.sh (needed for Pega-HA) are not using prconfig.xml and prbootstrap.properties.

Instead, they use prpcUtils.properties and migrateSystem.properties, respectively. Neither the -Dpegarules.keyring method (using our own cipher), or the encrypted passwords from com.pega.pegarules.pub.PassGen (using the builtin cipher) are working with these tools. Both methods just result in database authorization errors.

What is the correct way to encrypt the passwords used by these tools?

To see attachments, please log in.
Security
System Administration

  • REDDI RANI PULIKANTI

Accepted Solution

Posted: 7 years ago
Posted: 26 Apr 2017 11:54 EDT
Celeste Dufresne (CelesteDufresne_GCS)
PEGA
Fellow, Technical Support, Cloud Service
Pegasystems Inc.
US

https://community.pega.com/support/support-articles/import-using-prpcutils-fails-when-using-encrypted-db-passwords

This article was written for 7.1.7 but should still be applicable in 7.2.1.  The specific line numbers mentioned in the article may be different in the 7.2.1 version of prpcUtils.xml compared to the 7.1.7 version.  If you have questions about what changes to make in 7.2.1 then open an SR and I'll give you specific instructions for 7.2.1.

 

To see attachments, please log in.
Posted: 7 years ago
Posted: 26 Apr 2017 10:46 EDT
Celeste Dufresne (CelesteDufresne_GCS)
PEGA
Fellow, Technical Support, Cloud Service
Pegasystems Inc.
US

For prpcUtils in the properties file there is a way to provide your own prbootstrap and prconfig instead of having the tool generate them for you.  Then you will need to make a modification to the prpcUtils.xml file to specify the keyring as a system property and comment a couple of things out that are not expecting a keyring file.  I believe there is an open epic to make prpcUtils to be able to use a keyring file OOB. 

What version of Pega are you looking to do this for?  I will find an article that tells you about this.

As for the migrate script there is not a way to use passgen/keyring with that.

To see attachments, please log in.

Accepted Solution

Posted: 7 years ago
Posted: 26 Apr 2017 11:54 EDT
Celeste Dufresne (CelesteDufresne_GCS)
PEGA
Fellow, Technical Support, Cloud Service
Pegasystems Inc.
US

https://community.pega.com/support/support-articles/import-using-prpcutils-fails-when-using-encrypted-db-passwords

This article was written for 7.1.7 but should still be applicable in 7.2.1.  The specific line numbers mentioned in the article may be different in the 7.2.1 version of prpcUtils.xml compared to the 7.1.7 version.  If you have questions about what changes to make in 7.2.1 then open an SR and I'll give you specific instructions for 7.2.1.

 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice