Encryption Manager
The encryption manager is a central component that provides encryption services to Step components that need to store sensitive values, such as credentials. For example, the parameter module uses it to store protected parameters.
Enable the encryption manager
The encryption manager can be enabled in step.properties with the following property:
plugins.EncryptionManagerControllerPlugin.enabled=true
The first time a controller starts with the encryption manager enabled, a new RSA key pair is generated and stored under the folder bin/encryptionManager. If required, the path to the key pair folder can be changed using the property “encryption.manager.keypair.folder”.
If protected parameters are already present in the Step database when the encryption manager is enabled, all of them are encrypted at the first controller start.
Migrate from a controller using encryption manager
To migrate the content of your Step database to another instance, you have to copy the key pair of the source instance and install it on the target instance. If the key pair present on the new instance doesn’t match the key pair used on the source instance, the new instance won’t be able to start.
If you want to force the controller to start with a different key pair, you have to set the following property to true:
encryptionmanager.keypair.force.generation=true
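For the key pair copy described in the migration step above, the following shell functions install the source key pair folder on the target with owner-only permissions and confirm that both folders are byte-identical before the controller is started. This is an added example, not part of the Step documentation. It assumes the controller is stopped, that sha256sum is available, and that the whole key pair folder is copied unchanged; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Step's own tooling. No file names inside the key pair
# folder are assumed: every file found in the folder is copied and compared.

# Print a sorted "digest  ./relative/path" manifest for all files in a folder.
keypair_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Return 0 only if both folders exist, are non-empty and hold identical files.
keypair_matches() {
    [ -d "$1" ] && [ -d "$2" ] || return 1
    m1=$(keypair_manifest "$1")
    m2=$(keypair_manifest "$2")
    [ -n "$m1" ] && [ "$m1" = "$m2" ]
}

# Copy the source key pair folder to the target location, then verify it.
# An existing target folder is moved aside instead of being overwritten.
install_keypair() {
    src=$1
    dst=$2
    [ -d "$src" ] || { echo "missing source folder: $src" >&2; return 2; }
    if [ -e "$dst" ]; then
        mv "$dst" "$dst.bak.$$" || return 2
    fi
    # umask 077 keeps the private key unreadable for group and others.
    ( umask 077 && mkdir -p "$dst" && cp -R "$src/." "$dst/" ) || return 2
    chmod -R go-rwx "$dst"
    keypair_matches "$src" "$dst"
}

# Typical use on the target host (paths are placeholders):
#   install_keypair /mnt/source-export/encryptionManager bin/encryptionManager
```

Running keypair_matches against the target folder before the first start shows a mismatch early, instead of as a controller that fails to start.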