Protected/Encrypted Properties Strategy


Chris

Jan 13, 2022, 8:35:26 AM
Our TDI usage spreads across a handful of Windows (developers') workstations, 6 Windows servers, and 3 Linux servers. We run TDI 7.1.1 everywhere.

We have a growing need to better manage and share our "source code." Configs are pretty portable, of course. The challenge I'm hoping I can get some advice on is with Properties--particularly protected/encrypted properties.

If I create a properties file on my machine, any protected values are encrypted based on my stash file, and so aren't usable by anybody else or on any other machines without wholesale decryption, sharing, and then re-encryption.

Any suggestions on how to share encrypted properties across multiple machines without having to expose them as plain text?

Cheers,
Chris

Eddie Hartman

Jan 14, 2022, 2:05:54 AM
This is the sticky bit, Chris. Unless you are all using the same keystore, and therefore have the same server key, you will have to devise a strategy for decrypting assets like properties before sharing. If you are using git to share TDI work (which I recommend) then you could use push and pull hooks in git to handle this.

Or you could handle encryption/decryption yourself based on either a password or a shared cert key, for example by implementing your own get/setProperty function.

Hope this helps!
/Eddie
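
One way to realize the password-based option from Eddie's reply, as an added example that is not part of the original thread or of TDI: a Node.js helper a Git hook could call to seal protected values before sharing and open them after checkout. The `{shared-enc}` marker, the function names and the sample properties are constructed for illustration, and the `{protect}-` key prefix is assumed to mark sensitive properties.

```javascript
const crypto = require('crypto');

const MARKER = '{shared-enc}';  // hypothetical prefix for values sealed by this script
const PROTECT = '{protect}-';   // assumed key prefix that marks a property as sensitive

// Stretch the shared passphrase into a 256-bit key; the salt is stored with each value.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// AES-256-GCM: output is MARKER + base64(salt | iv | auth tag | ciphertext).
function encryptValue(plain, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plain, 'utf8'), cipher.final()]);
  return MARKER + Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Throws if the passphrase is wrong or the stored value was modified (tag mismatch).
function decryptValue(stored, passphrase) {
  if (!stored.startsWith(MARKER)) return stored;
  const raw = Buffer.from(stored.slice(MARKER.length), 'base64');
  const salt = raw.subarray(0, 16), iv = raw.subarray(16, 28), tag = raw.subarray(28, 44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]).toString('utf8');
}

// Apply fn to the value of every protected key; all other lines pass through unchanged.
function mapProtected(text, fn) {
  return text.split('\n').map((line) => {
    const eq = line.indexOf('=');
    if (eq < 0 || !line.startsWith(PROTECT)) return line;
    return line.slice(0, eq + 1) + fn(line.slice(eq + 1));
  }).join('\n');
}

// Sealing skips values that are already sealed, so running the hook twice is harmless.
const sealForCommit = (text, pw) =>
  mapProtected(text, (v) => (v.startsWith(MARKER) ? v : encryptValue(v, pw)));
const openAfterCheckout = (text, pw) => mapProtected(text, (v) => decryptValue(v, pw));

// Constructed sample input, not a real properties file.
const SAMPLE = [
  'ldap.url=ldap://dir.example.test:389',
  '{protect}-ldap.password=Constructed-Secret-1',
].join('\n');
```

The passphrase has to reach each machine out of band, for example through an environment variable, and never through the repository itself.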

Chris

Jan 18, 2022, 10:25:12 AM
On Friday, January 14, 2022 at 1:05:54 AM UTC-6, Eddie Hartman wrote:
...If you are using git to share TDI work (which I recommend) then you could use push and pull hooks in git to handle this.

Thanks, as always, Eddie. We're using Git, for sure, but I'm pretty inexperienced. Are you aware of a tutorial anywhere that might describe how to use their push and pull hooks to get us where we want to go?

Cheers,
Chris

Eddie Hartman

Jan 19, 2022, 3:58:23 AM
TDI developer and all-round wiz, Jens Thomassen, said it is better to use a shared cert for encrypting properties and files. Here's an article detailing how to do this:

https://www.ibm.com/docs/en/sdi/7.2.0.3?topic=security-working-encrypted-directory-integrator-configuration-files

Let me know how this works out for y'all!

/Eddie