Creating a Symmetric Key to Encrypt Data Source Passwords
Zoomdata provides a suite of pre-built connectors that connect the Zoomdata Server directly to your data source. If the data source requires a connection password in order to access the data, the credential information is saved in Zoomdata's storage repository - PostgreSQL. Zoomdata uses symmetric encryption to store the credential so that Zoomdata can access the data source, as needed, while providing a level of security for the saved information.
Zoomdata administrators can generate their own KeyStore using a symmetric key algorithm. This capability provides an additional level of security in the connection to and access of the data sources.
A symmetric key can be generated using Oracle's keytool program, which is a key and certificate management tool. This tool manages a keystore (database) of cryptographic keys, X.509 certificate chains, and trusted certificates. Refer to Oracle documentation for additional details about this keytool program.
Use the latest Java SDK (v1.8) to install the keytool program (as older versions of the SDK may require different installation steps).
Keep in mind, this user-generated KeyStore should be provided to Zoomdata after a new installation, prior to any connections being stored in Zoomdata. If a new user-generated key is provided after some connections are already stored, the passwords for these connections have to be re-supplied to Zoomdata after the new key is provided.
GENERATING A KEYSTORE WITH A SYMMETRIC KEY
- Enter the following command line to generate your symmetric key.
- Create a keystore password and press Enter to continue.
- Create a key password and press Enter to continue.
Store the keystore file in a location where the Zoomdata Server can access. For example:
/etc/zoomdata/ YourKeyStoreName .jks
Next, you need to edit the
file to add in the parameters needed for Zoomdata to integrate your symmetric key. If you have already logged into Zoomdata, be sure to log out first and close the browser.
Edit (or create) the Zoomdata configuration file (
zoomdata . properties):vi /etc/zoomdata/zoomdata.propertiesIf the configuration file does not exist, this command creates it.
Incorporate instructions for accessing your newly generated keystore file into the
file as provided below:
keystore.location=file:/etc/zoomdata/ YourKeyStoreName .jks
Restart Zoomdata Server. This ensures that the new keystore file is enabled and active within Zoomdata.
For the appropriate Linux command line, refer to the article Restarting Zoomdata Services .
The symmetric key should now be active in Zoomdata. If you see any error messages after the restart, submit a request for assistance.