Encrypting the user permissions file
User permissions are stored in the following repository file:
<product_dir>\Data\cfgrepo.sqlite
To prevent unauthorized access of this file, you can encrypt it using the procedure described below. After you perform the procedure, the repository file will be encrypted with the AES-256 bit cipher.
The length of any passwords specified during the procedure must be at least 32 characters.
To encrypt the repository file:
-
Open a command prompt as administrator and change the working directory to:
<product_dir>\bin
-
Run the following command to set the master user key:
aemctl.exe masterukey set --password your_MasterUserPassword
Example:
aemctl.exe masterukey set --password ANqaGYERP3UKmGLK6UNuMqrkAGxwH8FM
- Restart the Qlik Enterprise Manager service.
-
Run the following command to set the repository password:
aemctl.exe repository setpassword --master-user-password your_MasterUserPassword --repository-password your_RepositoryPassword
Example:
aemctl.exe repository setpassword --master-user-password ANqaGYERP3UKmGLK6UNuMqrkAGxwH8FM --repository-password 12345678901234567890123456789000
Steps 1-4 only need to be performed the first time you want to encrypt the repository file. If you subsequently need to decrypt the repository file and then re-encrypt it, they are not required.
-
Run the following command to encrypt the repository:
aemctl.exe repository secure --on --master-user-password your_MasterUserPassword
Example:
aemctl.exe repository secure --on --master-user-password ANqaGYERP3UKmGLK6UNuMqrkAGxwH8FM
- Restart the Qlik Enterprise Manager service.
To disable encryption for the repository:
-
Run the following command:
aemctl.exe repository secure --off --master-user-password your_MasterUserPassword
For information on setting user permission, see User permissions.
For more information on commands related to the master user password, see Commands Related to the Master User Password.