Question

4
Replies
1363
Views
 J de Koning (Jeroend3)
Rabobank Nederland

Rabobank Nederland
NL
Jeroend3 Member since 2014 3 posts
Rabobank Nederland
Posted: April 26, 2017
Last activity: May 8, 2017
Posted: 26 Apr 2017 10:10 EDT
Last activity: 8 May 2017 10:19 EDT
Closed
Solved

Encryption of passwords used by prpcUtils (i.e. not in prconfig.xml and prbootstrap.properties)

We are trying to encrypt our JDBC passwords by creating a Keyring, as described in the Pega SAS course material (and various PDN pages).

While doing so we realized that prpcUtils.sh (Import and ExportRAP) as well as migrate.sh (needed for Pega-HA) are not using prconfig.xml and prbootstrap.properties.

Instead, they use prpcUtils.properties and migrateSystem.properties, respectively. Neither the -Dpegarules.keyring method (using our own cipher), or the encrypted passwords from com.pega.pegarules.pub.PassGen (using the builtin cipher) are working with these tools. Both methods just result in database authorization errors.

What is the correct way to encrypt the passwords used by these tools?

Security System Administration
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 4 years ago
Posted: 26 Apr 2017 10:46 EDT
Celeste Dufresne (CelesteDufresne_GCS)
PEGA
Principal Software Solutions Engineer
Pegasystems Inc.
US

For prpcUtils in the properties file there is a way to provide your own prbootstrap and prconfig instead of having the tool generate them for you.  Then you will need to make a modification to the prpcUtils.xml file to specify the keyring as a system property and comment a couple of things out that are not expecting a keyring file.  I believe there is an open epic to make prpcUtils to be able to use a keyring file OOB. 


What version of Pega are you looking to do this for?  I will find an article that tells you about this.


As for the migrate script there is not a way to use passgen/keyring with that.

Accepted Solution

Posted: 4 years ago
Posted: 26 Apr 2017 11:54 EDT
Celeste Dufresne (CelesteDufresne_GCS)
PEGA
Principal Software Solutions Engineer
Pegasystems Inc.
US

https://pdn.pega.com/support-articles/import-using-prpcutils-fails-when-using-encrypted-db-passwords


This article was written for 7.1.7 but should still be applicable in 7.2.1.  The specific line numbers mentioned in the article may be different in the 7.2.1 version of prpcUtils.xml compared to the 7.1.7 version.  If you have questions about what changes to make in 7.2.1 then open an SR and I'll give you specific instructions for 7.2.1.