Manta Flow Password Encryption

Since Manta Flow extracts data from other systems, it needs to have passwords for connections stored in its configuration. However, storing these passwords in plain text can be a security issue, so IBM Automatic Data Lineage supports password encryption.

The encryption happens automatically behind the scenes whenever a new password is provided in Admin UI or through Orchestration API.

If possible, the PBKDF2WithHmacSHA512 hash algorithm is set up by default and the passwords are encrypted by default. If this is not possible, you will be informed during the Automatic Data Lineage installation process. In this case, contact Automatic Data Lineage support.

Prerequisites

Since Manta Flow uses the AES/CBC/PKCS5Padding algorithm for password encryption and the PBKDF2WithHmacSHA512 hash algorithm to generate 512-bit-long keys for password encryption/decryption by default, it is necessary to have Java Cryptography Extension (JCE) Unlimited Strength installed/enabled for your version of Java. This should be done by default; if not, set crypto.policy=unlimited in the file $JRE_HOME/conf/security/java.security.

The list of available secret factory algorithms can be found at SecretKeyFactory Algorithms.