Setting the custom key for encryption
After the installation of Talend Administration Center, it is mandatory to rotate the master key. To do so:
- In the Database Configuration page of Talend Administration Center, click Change master key.
- Enter text (there is no limitation for text) in the Change master key field and click Launch Key Rotation.
The new master key will be hashed in SHA256, encoded in base256 and saved in <tomcat_path>\WEB-INF\classes\configuration.properties. A property recording when this master key was last used is also added. For example, 2020-08-19-17-40 is the identifier of the new master key; it contains the master key creation time, so that you can tell which master key is the latest.
master.key.2020-08-19-17-40=âjhiàkjjiinioliâknqãolmßqppãllkß
master.key.2020-08-19-17-40_LastUsed=2020-08-19
Re-encryption of sensitive data then starts, and the execution of the master key rotation is logged in accordance with the logging configuration. For more information, see Setting up the Logging parameters.
You can clean unused master keys manually, or configure the automatic cleaner in the database by setting master.key.cleaner to a positive number. By default, the automatic master key cleaner is disabled. The value of master.key.cleaner is the number of days a master key remains unused before it is cleaned. The latest master key is never deleted.
Warning: master.key.*** properties cannot be changed or added directly in <tomcat_path>\WEB-INF\classes\configuration.properties. You can only delete unused ones.
If you have the same master.key.*** name, you need to do the rotation on one of the databases, and delete old master keys.
If your Talend Administration Center is in cluster mode, proceed as follows to rotate the master key:
- Stop all Talend Administration Center nodes in the cluster except the one where master key rotation will be executed.
- Start the master key rotation in the Database Configuration page.
- Copy the new master key master.key.YYYY-MM-dd-HH-ss that is generated in the <tomcat_path>\WEB-INF\classes\configuration.properties file to the configuration.properties of all Talend Administration Center nodes.
- Start the Talend Administration Center nodes that have been stopped.
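The following is an added example, not part of the Talend documentation or product code: a Python check that reads the text of configuration.properties, finds the latest master key, lists unused keys that are candidates for manual deletion, and verifies that every cluster node holds the key produced by the rotation. The function names, the sample values, the five-field identifier pattern (taken from the 2020-08-19-17-40 example) and the reading of master.key.cleaner as "more than N days since LastUsed" are assumptions.

```python
import re
from datetime import date

# Assumption: identifiers have five zero-padded fields, like 2020-08-19-17-40.
KEY_RE = re.compile(r"^master\.key\.(\d{4}(?:-\d{2}){4})(_LastUsed)?=(.*)$")

def parse_master_keys(text):
    """Return {key_id: {"value": str|None, "last_used": date|None}}."""
    keys = {}
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if not m:
            continue  # unrelated property or comment
        key_id, is_last_used, value = m.groups()
        entry = keys.setdefault(key_id, {"value": None, "last_used": None})
        if is_last_used:
            entry["last_used"] = date.fromisoformat(value.strip())
        else:
            entry["value"] = value
    return keys

def latest_key_id(keys):
    # Zero-padded timestamps sort chronologically as plain strings.
    return max(k for k, e in keys.items() if e["value"] is not None)

def stale_key_ids(keys, max_unused_days, today):
    """Identifiers of non-latest keys unused for more than max_unused_days."""
    latest = latest_key_id(keys)
    return sorted(k for k, e in keys.items()
                  if k != latest and e["last_used"] is not None
                  and (today - e["last_used"]).days > max_unused_days)

def nodes_out_of_sync(reference_text, node_texts):
    """Names of nodes lacking the rotated node's latest key (same id and value)."""
    ref = parse_master_keys(reference_text)
    latest = latest_key_id(ref)
    wanted = ref[latest]["value"]
    return sorted(name for name, text in node_texts.items()
                  if parse_master_keys(text).get(latest, {}).get("value") != wanted)

# Constructed sample data: these values are placeholders, not real key material.
ROTATED_NODE = """\
master.key.2020-03-01-09-15=CONSTRUCTED-OLD-VALUE
master.key.2020-03-01-09-15_LastUsed=2020-03-02
master.key.2020-08-19-17-40=CONSTRUCTED-NEW-VALUE
master.key.2020-08-19-17-40_LastUsed=2020-08-19
"""
# A node that was stopped during rotation and still holds only the old key.
STOPPED_NODE = "\n".join(ROTATED_NODE.splitlines()[:2])
```

The functions return only key identifiers and node names, so the key values themselves never reach a report or log.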