Data encryption
This page describes how data is encrypted at rest and in motion.
Data at rest
Currently, only the personal information data within the local PostgreSQL database is encrypted. It is
encrypted using a secret key created with the PBEWithHmacSHA512AndAES_256 algorithm and a cipher
that uses the PBEWithHmacSHA512AndAES_256 transformation. The passphrase for the secret key
is set through the DATABASE_CRYPTO_PASSPHRASE environment variable in the
<install path>/server-instance/server.env file. If you require additional
encryption of data at rest for both the tooling database and the data on the storage server and target
environment, you can use an encrypted file system.
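An added example, not the product's own code: encrypting and decrypting one value in Java with the PBEWithHmacSHA512AndAES_256 key algorithm and transformation named above, with the passphrase read from DATABASE_CRYPTO_PASSPHRASE. The class name, iteration count, salt and IV sizes, and the stored layout are assumptions, because the page does not describe them.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class PbeFieldCrypto { // hypothetical class name
    private static final String ALG = "PBEWithHmacSHA512AndAES_256";
    private static final int ITERATIONS = 100_000;       // assumption: not stated on the page
    private static final int SALT_LEN = 16, IV_LEN = 16; // assumption; the AES block size is 16 bytes

    // The passphrase is wrapped as a PBE key; the AES key itself is derived from it,
    // the salt and the iteration count when the cipher is initialised.
    private static Cipher cipher(int mode, char[] pass, byte[] salt, byte[] iv) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance(ALG).generateSecret(new PBEKeySpec(pass));
        Cipher c = Cipher.getInstance(ALG);
        c.init(mode, key, new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
        return c;
    }
    // Stored layout (assumption): base64(salt || iv || ciphertext), fresh salt and IV per value.
    static String encrypt(char[] pass, String plain) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, pass, salt, iv).doFinal(plain.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(
            ByteBuffer.allocate(salt.length + iv.length + ct.length).put(salt).put(iv).put(ct).array());
    }
    static String decrypt(char[] pass, String stored) throws Exception {
        byte[] raw = Base64.getDecoder().decode(stored);
        byte[] salt = Arrays.copyOfRange(raw, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(raw, SALT_LEN, SALT_LEN + IV_LEN);
        byte[] ct = Arrays.copyOfRange(raw, SALT_LEN + IV_LEN, raw.length);
        return new String(cipher(Cipher.DECRYPT_MODE, pass, salt, iv).doFinal(ct), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        String env = System.getenv("DATABASE_CRYPTO_PASSPHRASE");
        char[] pass = (env != null ? env : "constructed-demo-passphrase").toCharArray();
        String stored = encrypt(pass, "jane.doe@example.com"); // constructed sample value
        System.out.println(stored + " -> " + decrypt(pass, stored));
    }
}
```

In the OpenJDK SunJCE provider this transformation runs AES in CBC mode with PKCS5 padding, so it gives confidentiality without integrity protection. That provider also rejects passphrases containing characters outside printable ASCII.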
Data in motion
Data transfers between the application running on IBM WebSphere Liberty and the local PostgreSQL
database use the PostgreSQL JDBC driver with SSL enabled in require mode.
The local PostgreSQL database is SSL enabled and uses the certificates found in
<install path>/server-instance/resources/security/cert.key and
<install path>/server-instance/resources/security/cert.crt.
All data transfers between the application running on IBM WebSphere Liberty and remote systems (source environments, target environments, storage server, and so on) are completed over a Secure Shell (SSH) session using the JSch library.