Encryption

You can secure IBM PEM data with a Master Passphrase that enables you to encrypt passwords and other sensitive data.

When you deploy IBM PEM for the first time, run the Passphrase utility (DBUtils) to create a master key and add it to the database tables.

For more information, see the following topics:

Encryption Recommendations for Data at Rest

  1. Enable database-level encryption.
  2. Implement file system-level encryption. Enable encryption at the file system level to protect stored data from unauthorized access.

Password and Secret Key Security Considerations and Best Practices

  1. Configure and secure JWT secrets.
    • PEM supports a configurable JWT secret. Ensure that JWT is always properly configured within PEM to maintain integrity and security.
    • Use a strong and complex JWT secret key to enhance encryption and ensure data trust.
    • Regularly rotate JWT secrets to mitigate the risk of compromise.
  2. Enforce strong credentials for secrets and passwords.
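
The following sketch illustrates the two JWT recommendations above: generating a strong secret, and rotating it without invalidating tokens that are still in flight. It is an added example, not IBM PEM code or configuration; the HS256 algorithm, the 32-byte minimum and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

# Assumed floor: at least as long as the 256-bit HMAC-SHA256 output.
# This is a length check only; it does not measure entropy.
MIN_SECRET_BYTES = 32

def new_secret(nbytes=48):
    """Generate a random secret from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(nbytes)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign(claims, secret):
    """Issue an HS256 token; refuse secrets below the length floor."""
    if len(secret.encode()) < MIN_SECRET_BYTES:
        raise ValueError("JWT secret shorter than 32 bytes")
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64(_mac(secret, f'{header}.{body}'))}"

def verify(token, current, previous=None):
    """Return the claims if signed by the current secret, or by the previous
    one while a rotation overlap is still open; otherwise return None."""
    try:
        header, body, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        given = _unb64(sig)
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token
    for secret in (current, previous):
        # compare_digest avoids leaking the match position through timing
        if secret and hmac.compare_digest(given, _mac(secret, f"{header}.{body}")):
            return json.loads(_unb64(body))
    return None
```

Once the overlap window has passed, call `verify` without `previous` so that tokens signed with the retired secret are rejected.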