Database encryption overview
When you configure Maximo® Manage, specify encryption keys and encryption algorithms to determine how the fields that require security are encrypted.
Key | Description |
---|---|
MXE_SECURITY_CRYPTO_KEY | Use it to encrypt Crypto fields, such as passwords. For Crypto encryption, if you specify a MXE_SECURITY_CRYPTO_KEY value that matches the MXE_SECURITY_OLD_CRYPTO_KEY value that was used in the previous deployment, no reencryption occurs. If you specify a key value during deployment that does not match the MXE_SECURITY_OLD_CRYPTO_KEY value, the database is reencrypted. |
MXE_SECURITY_OLD_CRYPTO_KEY | Specifies the value for the previous Crypto encryption key that was used for the database. |
MXE_SECURITY_CRYPTOX_KEY | Used to encrypt CryptoX fields, including API keys, such as the electronic
signature key. For CryptoX encryption, if you specify a MXE_SECURITY_CRYPTOX_KEY value that matches the MXE_SECURITY_OLD_CRYPTOX_KEY value that was used in the previous deployment, no encryption changes occur. CryptoX values cannot be decrypted, and the original value cannot be determined. If you specify a key value in a deployment that does not match the MXE_SECURITY_OLD_CRYPTOX_KEY value, CryptoX values are set to null when encryption is run. |
MXE_SECURITY_OLD_CRYPTOX_KEY | Specifies the value for the previous CryptoX encryption key that was used for the database. |
Encryption property | Description |
---|---|
MXE_SECURITY_CRYPTO_ALGORITHM | The default value is AES. |
MXE_SECURITY_CRYPTO_MODE | The default value is CBC. |
MXE_SECURITY_CRYPTO_MODULUS | |
MXE_SECURITY_CRYPTO_PADDING | The default value is PKCS5Padding. |
MXE_SECURITY_CRYPTO_SPEC | The length must be a multiple of 8. |
MXE_SECURITY_CRYPTOX_ALGORITHM | The default value is AES. |
MXE_SECURITY_CRYPTOX_MODE | The default value is CBC. |
MXE_SECURITY_CRYPTOX_MODULUS | |
MXE_SECURITY_CRYPTOX_PADDING | The default value is PKCS5Padding. |
MXE_SECURITY_CRYPTOX_SPEC | The length must be a multiple of 8. |
<workspaceId>-<appId>-encryptionsecret
For more information about how to specify the encryption secret in the Maximo Manage configuration, see Adding encryption key secrets .
- Maintain your encryption keys in a vault or other secure management system for secrets.
- Specify your own values for encryption keys instead of using system-generated values. If you use system-generated values and do not create a backup, you cannot retrieve the keys. Without the keys, you cannot use your database.