Creating a Symmetric Key to Encrypt Data Source Passwords

OVERVIEW

Zoomdata provides a suite of pre-built connectors that connect the Zoomdata Server directly to your data source. If the data source requires a connection password in order to access the data, the credential information is saved in the Zoomdata storage repository, MongoDB. Zoomdata uses symmetric encryption to store the credential so that Zoomdata can access the data source, as needed, while providing a level of security for the saved information.

Zoomdata administrators can generate their own KeyStore using a symmetric key algorithm. This capability provides an additional level of security in the connection to and access of the data sources.

A symmetric key can be generated using the Oracle keytool program, which is a key and certificate management tool. This tool manages a keystore (database) of cryptographic keys, X.509 certificate chains, and trusted certificates. Refer to the Oracle documentation for additional details about the keytool program.

Use the latest Java SDK (v1.8) to install the keytool program (as older versions of the SDK may require different installation steps).

Keep in mind that this user-generated KeyStore should be provided to Zoomdata after a new installation, prior to any connections being stored in Zoomdata. If a new user-generated key is provided after some connections are already stored, the passwords for these connections will have to be re-supplied to Zoomdata after the new key is provided.

GENERATING A KEYSTORE WITH A SYMMETRIC KEY

  1. Install the keytool program.
    Use the latest Java SDK (v1.8) to install the keytool program.
  2. Enter the following command line to generate your symmetric key.
    keytool -genseckey -alias YourKeyAlias -keyalg AES -keysize 256 -storetype jceks -keystore YourKeyStoreName.jks
  3. Create a keystore password and press Enter to continue.
  4. Create a key password and press Enter to continue.
  5. Store the keystore file in a location that the Zoomdata Server can access. For example: /etc/zoomdata/YourKeyStoreName.jks

Next, you will edit the zoomdata.properties file to add in the parameters needed for Zoomdata to integrate your symmetric key. If you have already logged into Zoomdata, be sure to log out first and close the browser.

  1. Edit (or create) the Zoomdata configuration file (zoomdata.properties):
    vi /etc/zoomdata/zoomdata.properties
    If the configuration file does not exist, this command will create it.
  2. Incorporate instructions for accessing your newly generated keystore file into the .properties file as provided below:
    keystore.location=file:/etc/zoomdata/YourKeyStoreName.jks
    keystore.password=YourKeyStorePassword
    keystore.key.alias=YourKeyAlias
    keystore.key.password=YourKeyPassword
  3. Restart Zoomdata Server. This will ensure that the new keystore file is enabled and active within Zoomdata.
    sudo service zoomdata start

The symmetric key should now be active in Zoomdata. If you see any error messages after the restart, submit a request for assistance.
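Because zoomdata.properties holds the keystore password and key password in clear text, it is worth checking the four settings and the file permissions before the restart in step 3. The script below is an added example, not Zoomdata's own tooling: the function names are hypothetical, and it assumes a Linux host where both files are owned by the account that runs the Zoomdata Server.

```bash
#!/usr/bin/env bash
# Added example (not Zoomdata code): check the keystore settings before restart.
# Function names are hypothetical; assumes a Linux host with POSIX awk/ls/cut.

# Print the last value assigned to KEY in a key=value properties FILE.
prop() {  # usage: prop FILE KEY
  awk -v k="$2" '
    /^[ \t]*[#!]/ { next }                       # skip comment lines
    { key = $0; sub(/=.*/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", key) }
    key == k && index($0, "=") {
      v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/\r$/, "", v)
    }
    END { print v }' "$1"
}

# True when FILE grants nothing to group or other (columns 5-10 of ls -l).
owner_only() { [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]; }

# Report every problem found; return 0 only when all checks pass.
check_keystore_config() {  # usage: check_keystore_config PROPERTIES_FILE
  local props=$1 rc=0 key path
  [ -r "$props" ] || { echo "FAIL: cannot read $props"; return 2; }
  for key in keystore.location keystore.password \
             keystore.key.alias keystore.key.password; do
    [ -n "$(prop "$props" "$key")" ] || { echo "FAIL: $key missing or empty"; rc=1; }
  done
  # The passwords sit in this file in clear text, so it must be owner-only.
  owner_only "$props" || { echo "FAIL: $props is accessible to group/other"; rc=1; }
  path=$(prop "$props" keystore.location); path=${path#file:}
  if [ -f "$path" ]; then
    owner_only "$path" || { echo "FAIL: $path is accessible to group/other"; rc=1; }
  else
    echo "FAIL: keystore file '$path' not found"; rc=1
  fi
  return "$rc"
}

# Confirm the alias is a secret-key entry in the JCEKS store; needs keytool.
# The store password goes through the environment, not the command line.
verify_alias() {  # usage: verify_alias PROPERTIES_FILE
  local path; path=$(prop "$1" keystore.location); path=${path#file:}
  KS_PASS=$(prop "$1" keystore.password) keytool -list -storetype jceks \
    -keystore "$path" -alias "$(prop "$1" keystore.key.alias)" \
    -storepass:env KS_PASS | grep -q SecretKeyEntry
}

if [ "$#" -gt 0 ]; then check_keystore_config "$1"; fi
```

Run it with the path to zoomdata.properties as its only argument; a non-zero exit status means at least one FAIL line was printed. verify_alias is separate so the permission checks still work on hosts without keytool on the PATH.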