Encryption Manager

As of release 3.16 of step enterprise, the so called encryption manager has been introduced. The encryption manager is a central component that provides encryption services for other step components that need to store sensitive values (like credentials for instance). In the current version of step, the encryption manager is used by the parameter module to store protected parameters.

Enable the encryption manager

The encryption manager can be enabled from the step.properties with the following property:

plugins.EncryptionManagerControllerPlugin.enabled=true

When starting a controller with the encryption manager the first time, a new RSA key pair will be generated and stored under the folder bin/encryptionManager. If required the path to the key pair folder can be changed using the property “encryption.manager.keypair.folder”.

If protected parameters are present in the step database when enabling the encryption manager, all protected parameters will be encrypted at the first controller start.

Migrate from a controller using encryption manager

If you aim to migrate the content of your step database to another instance, you’ll have to copy the key pair of the source instance and install it on the target instance. If the key pair present in the new instance doesn’t match with the key pair used on the source instance, the new instance won’t be able to start.

If you want to force the start of the controller with a different key pair, you’ll have to set following property to true:

encryptionmanager.keypair.force.generation=true

Enable the encryption manager

Migrate from a controller using encryption manager

See Also