3.3 Understanding the Encryption Keystore

OpenText Identity Governance enables you to create and store encryption keys that will be used for handling sensitive data.

During installation, you must provide a password that the OpenText Identity Governance service uses for encrypting and decrypting the OpenText Identity Governance sensitive data. By default, the installation program places the encryption keystore file in the following location:

  • Linux: /opt/netiq/idm/apps/tomcat/conf/encrypt-keys.pkcs12

  • Windows: c:\netiq\idm\apps\tomcat\conf\encrypt-keys.pkcs12

During installation, the installer stores the encryption keystore password file in the following locations:

  • Linux: /opt/netiq/idm/apps/tomcat/conf/ism-sensitive.properties

  • Windows: c:\opt\netiq\idm\apps\tomcat\conf\ism-sensitive.properties

The installer also installs the following scripts to help you with encryption key related tasks:

  • configutil utility which includes support for encryption keystores

  • encode-password utility to obfuscate a value that is stored in the password supplier properties file

  • encrypt-password utility to encrypt database passwords that are stored in the server.xml

  • masterkey-gen utility to either generate a new encryption key keystore, or rotate a master key within an existing encryption key keystore

IMPORTANT: After installation, copy the keystore file:

  • For consistent use across other nodes and servers in a clustered and distributed environment.

  • To back up the file in case of VM or server crashes. When you back up the encryption keystore file, also back up the password file.
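Because the keystore is only usable together with its password file, and every node must hold the same keystore, a small check is useful after copying or backing up. The following bash script is an added example (not a script shipped with OpenText Identity Governance); it assumes the Linux default paths listed above and that the caller can read both files, and it verifies that each file is private to its owner and that a copy on another node or in a backup is byte-identical to the primary.

```bash
#!/usr/bin/env bash
# Added example: sanity-check an Identity Governance encryption keystore
# and its password file after copying them to another node or a backup.

# check_private FILE -> 0 if FILE exists and has no group/other permission bits
check_private() {
  local f="$1" mode
  [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
  # GNU stat first, BSD stat as fallback
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null)
  case "$mode" in
    *00) return 0 ;;                       # e.g. 600, 400, 700
    *) echo "too permissive ($mode): $f" >&2; return 1 ;;
  esac
}

# file_sha256 FILE -> prints the SHA-256 hex digest
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# same_content A B -> 0 if both files have the same SHA-256
same_content() {
  local a b
  a=$(file_sha256 "$1") || return 1
  b=$(file_sha256 "$2") || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# check_keystore_pair KEYSTORE PASSWORD_FILE [COPY_KEYSTORE [COPY_PASSWORD_FILE]]
# Defaults are the Linux install locations from the guide.
check_keystore_pair() {
  local ks="${1:-/opt/netiq/idm/apps/tomcat/conf/encrypt-keys.pkcs12}"
  local pw="${2:-/opt/netiq/idm/apps/tomcat/conf/ism-sensitive.properties}"
  local rc=0
  check_private "$ks" || rc=1
  check_private "$pw" || rc=1
  if [ -n "$3" ]; then
    same_content "$ks" "$3" || { echo "keystore copy differs: $3" >&2; rc=1; }
    # a copied keystore is unusable without the matching password file
    { [ -n "$4" ] && [ -f "$4" ]; } || { echo "password file not copied alongside $3" >&2; rc=1; }
  fi
  return $rc
}
```

Run it as `check_keystore_pair` with no arguments on a single node, or pass the primary and copied paths to compare a node or backup against the primary.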