Encrypting Values for Adapter Connection Assets

About this task

Microservices Runtime provides a way to generate an encrypted value which can be used in configuration variables template for sensitive data.

For encryption, Microservices Runtime uses password handles and the Password-Based Encryption technology installed with Microservices Runtime. A password handles associate a password on the host Microservices Runtime with a corresponding key (or handle). The handle is encrypted as an outbound password using the Password-Based Encryption (PBE) technology.

Note:

The password from the adapter's connection is not stored directly in the node.ndf file. Integration Server uses PassMan utility for securely storing the passwords.

When you generate a configuration variables template, Microservices Runtime encrypts any passwords that appear as property values in the template.

IBM recommends that you encrypt all passwords and other sensitive data in your configuration variables templates.

To encrypt a value

Procedure

  1. Open the Microservices Runtime Administrator for the Microservices Runtime that you want to use to generate an encrypted value.
  2. In the Microservices menu of the navigation panel, click Configuration Variables.
  3. On the Microservices > Configuration Variables page, click Generate Encrypted Configuration Variables.
  4. In the Generate Encrypted Configuration Variables page, enter a value to encrypt in the Value field.
    By default, Microservices Runtime Administrator masks any characters that you enter in the Value field. Click the Show Value check box, if you want Microservices Runtime Administrator to display the characters in clear text.
  5. Click Encrypt.
    Microservices Runtime encrypts the value and displays the encrypted value in the Encrypted Value field.
  6. Copy the encrypted value.
  7. Open the Adapter configuration properties file to which you want to add the encrypted value, locate the key for which you want to use the value, and then paste the copied value into the file.
  8. Execute Externalize Docker commands.
    Example

    When running a Microservices Runtime image in a Docker container, you can specify the configuration variables template and/or environment (ENV) variables in the docker run command.

    The following docker run command uses the SAG_IS_CONFIG_PROPERTIES environment variable to specify the name and location of the configuration variables template. In this example, the Docker image for the Microservices Runtime is named is:microPkg and exposes ports 5555 and 9999. Additionally, the location of the application.properties file is accessible by the Docker container. 

    docker run -d --name IS_Default -p 3333:5555 -p 9999 -v /opt/data:/opt/data 
-e SAG_IS_CONFIG_PROPERTIES=/opt/data/application.properties is:microPkg