Simple - add the string {protect}= to the beginning of any line that you wish to encrypt in the property file - I'm using profiles_tdi.properties in the following example.
As an example, we change: -
...
source_ldap_user_password=Passw0rd123
...
to: -
...
{protect}-source_ldap_user_password=Passw0rd123
...
and then run an Assembly Line such as populate_from_dn_file.sh ( I'm using IBM Connections as an example ), and you'll then get this: -
...
{protect}-source_ldap_user_password={encr}89ae788e9f88bbc8877a7729e99ac9d990ea
...
Now I'm not sure how strong the encryption is, so you should, as always, protect your property files via other means i.e. physical access control, Unix permissions etc.
Nice :-)
2 comments:
The security is as strong as you want it. TDI can even run in 'lock-down' mode where everything is encrypted using a cert key - entire property files and Config.
And TDI supports FIPS security, a requirement since it is used by government and military organizations in the US and Europe.
-Eddie Hartman
www.tdi-users.org
@Eddie - thanks for the clarification, that's great to know
Post a Comment