Question
WellsFargo
IN
Last activity: 28 Sep 2016 18:58 EDT
BIX + JCE Keyring encryption
Hi,
Does any one have implemented encrypting the database Id and Password included in the prconfig.xml file using JCE Keyring encryption? Will this set up work?
Below is the setup/design we have configured
OS: UNIX , BIX extraction : Through UNIX shell script
Appreciate if some one can respond.
-- Suman
***Updated by Moderator: Vidyaranjan| Updated Categories***
-
Like (0)
-
Share this page Facebook Twitter LinkedIn Email Copying... Copied!
Accepted Solution
Pegasystems Inc.
US
If you have both of those lines then you will need database entries for each and yes you will be prompted for both.
Not sure if this is true in earlier BIX 7.x versions but in 7.2 you can actually just keep this line and comment out the PegaDATA one since you really only are connecting using the PegaRULES datasource.
<env name="database/databases/PegaRULES/dataSource" value="java:comp/env/jdbc/PegaRULES"/>
Then you would need the PegaRULES database entries. You will still need to specify both the PegaRULES and PegaDATA defaultSchema values though.
<env name="database/databases/PegaRULES/url" value="jdbc:oracle:thin:@host:1521/db" />
<env name="database/databases/PegaRULES/userName" value="v72username" />
<env name="database/databases/PegaRULES/password" value="v72password" />
<env name="database/databases/PegaRULES/defaultSchema" value="v72rules" />
<env name="database/databases/PegaDATA/defaultSchema" value="v72data" />
Regarding the name of the prconfig.xml file. You can name it whatever you want. You would just need to update the pegarules.config property to your files location/name.
-Dpegarules.config=config/Myprconfig.xml
WellsFargo
IN
I was looking to one of the PDN article and the prerequiste for keyring encryption is have the below jar file in the lib directory. I don't see these jars included as part of the BIX distribution directory. Please advise
- ..\lib\pega\prprivate.jar
- ..\lib\pega\prpublic.jar
- ..\lib\pega\pricu2jdk.jar
- ..\lib\prdbcp.jar
- ..\lib\base\java6\prjsr166java6-3.0.jar
PFA list of directories inluded in our bix lib.
Pegasystems Inc.
IN
Hi Suman,
Kindly refer the below PN article which describes in detail the steps for Encrypting database and PRPC user passwords
https://pdn.pega.com/how-encrypt-passwords-properties-and-blobs
Refer section
Generating encrypted passwords with PassGen for the prbootstrap.properties file
Generating encrypted passwords with KeyringImpl for pegarules.keyring, specified in the prconfig.xml file.
Let me know if this answers your query.
Thanks,
Sushant Samuel
WellsFargo
IN
Thanks for providing the link. May I know how can I download the jar files I mentioned in my post.
--Suman
WellsFargo
IN
I have referred the pdn article and have below questions
1) Pega 7 supports split schema , but the article shows to enter db password only once. It should ask the database password 2 times , one for rule schema and other data schema
2) To run an extract rule we need both the rule schema and data schema right?
-- Suman
Pegasystems Inc.
IN
If you have the Pega installation media, you will find the jars you are looking for in pegadbinstall-classes.zip which is available under archives directory.
Pegasystems Inc.
US
The AdditionalProducts/BIX/lib directory has the jars needed.
WellsFargo
IN
I have referred the pdn article and have below questions
1) Pega 7 supports split schema , but the article shows to enter db password only once. It should ask the database password 2 times , one for rule schema and other data schema
2) To run an extract rule we need both the rule schema and data schema right?
-- Suman
Pegasystems Inc.
US
If your prconfig.xml file includes both a PegaRULES and PegaDATA datasource then yes you will be prompted for username/password of each. If you also included a datasource for a target database then it should prompt you for that database username/password as well.
WellsFargo
IN
Thanks Celeste. I have below 2 environment variables in my prconfig.xml file. So in this case it should prompt for 2 passwords?
<env name="database/databases/PegaRULES/dataSource" value="java:comp/env/jdbc/PegaRULES"/>
<env name="database/databases/PegaDATA/dataSource" value="java:comp/env/jdbc/PegaRULES"/>
And is their a mandate the name of the prconfig.xml file should always be as prconfig.xml?
-- Suman
WellsFargo
IN
Thanks Celeste. I have below 2 environment variables in my prconfig.xml file. So in this case it should prompt for 2 passwords?
<env name="database/databases/PegaRULES/dataSource" value="java:comp/env/jdbc/PegaRULES"/>
<env name="database/databases/PegaDATA/dataSource" value="java:comp/env/jdbc/PegaRULES"/>
And is their a mandate the name of the prconfig.xml file should always be as prconfig.xml?
-- Suman
Accepted Solution
Pegasystems Inc.
US
If you have both of those lines then you will need database entries for each and yes you will be prompted for both.
Not sure if this is true in earlier BIX 7.x versions but in 7.2 you can actually just keep this line and comment out the PegaDATA one since you really only are connecting using the PegaRULES datasource.
<env name="database/databases/PegaRULES/dataSource" value="java:comp/env/jdbc/PegaRULES"/>
Then you would need the PegaRULES database entries. You will still need to specify both the PegaRULES and PegaDATA defaultSchema values though.
<env name="database/databases/PegaRULES/url" value="jdbc:oracle:thin:@host:1521/db" />
<env name="database/databases/PegaRULES/userName" value="v72username" />
<env name="database/databases/PegaRULES/password" value="v72password" />
<env name="database/databases/PegaRULES/defaultSchema" value="v72rules" />
<env name="database/databases/PegaDATA/defaultSchema" value="v72data" />
Regarding the name of the prconfig.xml file. You can name it whatever you want. You would just need to update the pegarules.config property to your files location/name.
-Dpegarules.config=config/Myprconfig.xml
WellsFargo
IN
Thanks Celeste. It prompting for 2 passwords now.