
Configuring MDM encryption key

Talend MDM uses a base64-encoded encryption key to encrypt all passwords in:

  • the mdm.conf and datasources.xml configuration files located in <MDM_ROOT>\conf, and
  • the data-authoring-gateway.properties and data-authoring-proxy.properties configuration files located in <MDM_ROOT>/apache-tomcat/conf for Talend Data Authoring for MDM.

By default, the encryption key is auto-generated and saved as the value of the mdm.encryption.key property in the <MDM_ROOT>\apache-tomcat\conf\aeskey.dat file when you start your MDM server for the first time.

Talend MDM allows you to modify the encryption key in either of the following two ways:

  • updating the value of the mdm.encryption.key property in the <MDM_ROOT>\apache-tomcat\conf\aeskey.dat file, or
  • adding a system property encryption.keys.file to use an encryption key in another properties file.

Pay attention to the following for the MDM encryption key:

  • After the MDM encryption key for a Talend MDM instance is generated or modified, the MDM encryption key must be used for all the Talend Studio clients interacting with the MDM instance.
  • You can create connections to as many MDM servers as needed in Talend Studio. The MDM encryption key in Talend Studio must be the same as the key in the MDM server interacting with Talend Studio. To ensure this consistency, you can update the MDM encryption key for Talend Studio based on the MDM instance interacting with Talend Studio and restart Talend Studio.

About this task

The following procedure shows you how to configure the MDM encryption key.

Procedure

  1. If the passwords in the mdm.conf and datasources.xml configuration files have already been encrypted, replace them with plain text.
  2. If you are using Talend Data Authoring for MDM and if the passwords in the data-authoring-gateway.properties and data-authoring-proxy.properties configuration files have already been encrypted, replace them with plain text.
  3. Generate your new encryption key using a base64 encode tool, for example, https://www.base64encode.org.
    Warning: The length of the input string must be 16 or 32.
  4. To configure the MDM encryption key for a Talend MDM instance:
    1. To use the encryption key in the <MDM_ROOT>\apache-tomcat\conf\aeskey.dat file, set the value of the mdm.encryption.key property in the file to the new base64-encoded encryption key and save your changes.
      mdm.encryption.key=<base64_encoded_encryption_key>

      where <base64_encoded_encryption_key> is the new encryption key generated in the base64 encode tool.

    2. To use the encryption key in another properties file, add the mdm.encryption.key property in the file and set the new base64-encoded encryption key as its value, then add the following system property in the <MDM_ROOT>\apache-tomcat\bin\catalina.bat file:
      set "JAVA_OPTS=%JAVA_OPTS% -Dencryption.keys.file=<key_file_path>"

      where <key_file_path> is the path to the properties file, for example, D:\mdm-encryption-key\mdmkey.dat.

    3. Restart your MDM server.
      The passwords in the mdm.conf and datasources.xml configuration files will be encrypted with the new encryption key.
      Note:
      • The encrypted passwords might be different even if their plain text versions are the same.
      • The passwords are re-encrypted every time your MDM server is restarted.
  5. If needed, repeat the previous step to configure the MDM encryption key for other Talend MDM instances.
  6. To configure the MDM encryption key for a Talend Studio client:
    1. Open the \configuration\studio.keys file under the Talend Studio installation directory.
    2. Add the mdm.encryption.key property or modify its value if it already exists.
    3. Restart Talend Studio.
  7. If needed, repeat the previous step to configure the MDM encryption key for other Talend Studio clients.
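
Added example (not part of the original Talend documentation or Talend's own code): step 3 can be done locally so that the key input never passes through a third-party website. This Python sketch generates a random 16- or 32-character string, base64-encodes it, and checks an existing value before it goes into the key file; it assumes the input string is plain ASCII, and the function names are hypothetical.

```python
import base64
import binascii
import secrets
import string

# Assumption: the "input string" is plain ASCII, so characters == bytes.
ALPHABET = string.ascii_letters + string.digits
VALID_LENGTHS = (16, 32)  # the input lengths the procedure allows


def generate_key(length: int = 32) -> str:
    """Return a base64-encoded random key string of an allowed length."""
    if length not in VALID_LENGTHS:
        raise ValueError("input string length must be 16 or 32")
    # secrets draws from the OS CSPRNG, unlike the random module.
    raw = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return base64.b64encode(raw.encode("ascii")).decode("ascii")


def decoded_length(b64_key: str) -> int:
    """Strictly decode a key value and return its length; reject bad input."""
    try:
        raw = base64.b64decode(b64_key.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("value is not valid base64") from exc
    if len(raw) not in VALID_LENGTHS:
        raise ValueError(f"decoded length {len(raw)} is not 16 or 32")
    return len(raw)


def property_line(b64_key: str) -> str:
    """Format the property line for aeskey.dat, studio.keys or a custom key file."""
    decoded_length(b64_key)  # refuse to emit a key of the wrong length
    return f"mdm.encryption.key={b64_key}"


if __name__ == "__main__":
    print(property_line(generate_key(32)))
```

The same property line is used on the MDM server and in every Talend Studio client that connects to it, since the keys must match.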
