Skip to main content
Contact a Moderator

Question

1
Replies
282
Views
 Reevanshi Reevanshi (ReevanshiR0965)
Sopra Steria Group

Sopra Steria Group
IN
ReevanshiR0965 Member since 2018 6 posts
Sopra Steria Group
Posted: March 13, 2020
Last activity: March 13, 2020
Posted: 13 Mar 2020 5:20 EDT
Last activity: 13 Mar 2020 9:41 EDT
Closed

Password Encryption in context.xml

We are using Pega V7.2.2 , DataBase password are stored as simple text in context.xml and the requirement is to encrypt it as a security measure .

username=" username" password="password"

We went through various articles in pdn :

https://collaborate.pega.com/question/ecrypting-db-connection-password-contextxml-file

https://community.pega.com/knowledgebase/articles/security/encryption-pega-platform

 

All articles mentioned above .... they have suggested the solution for prconfig.xml . Do you have any additional information or solution to how to encrypt passwords in context.xml ?

Pega Platform Security Communications and Media Senior System Architect
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 1 year ago
Posted: 13 Mar 2020 9:41 EDT
Harish Gunneri (Harish_Gunneri)
PEGA
Senior Software Solutions Engineer
Pegasystems Inc.
US

Hi Reevanshi 

 

There are various places where DB username/password is specified in plaintext like prbooststrap & prconfig file to run certain CLI utilities. Please note keyring implementation is to encrypt the password for prconfig.xml, passgen is for prbootstrap.properties. 

Refer to the Password Encryption section here:- https://community.pega.com/knowledgebase/articles/security/encryption-pega-platform

Please note custom cipher implementation encrypts application-level data but not the database connection details in context.xml. If you want to encrypt the password in context.xml then that is a question for the application server. Pega doesn't have any recommendations to achieve this. 

 

Let me know if that clarifies.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice