Encrypting Integration and Database Credentials - EcoSys - Administration - Hexagon PPM

EcoSys System Administration

PPMProduct
EcoSys
PPMCategory_custom
Administration & Configuration
Version_EcoSys
8.6

Storage of System Connection Credentials

Credentials for integration interfaces and database connections are stored in EcoSysin one of two formats: plaintext (human readable) or encrypted. Credentials are stored in configuration files, such as FMServerSettings.properties, or connection settings, such as external system connection parameter XML. 

Encryption is supported for the following integration credentials:

  • Command line batch parameters for application username and password (specified on the command line using scripts)

  • Primavera P6 service account username and password (stored in FMServersettings.properties)

  • Web service application username and password (stored in FMServersettings.properties)

  • SAP Adaptor service account username and password (configured in the external system XML via the UI)

  • POP3 and SMTP credentials in the FMServersettings.properties.

In each of these cases, the credentials may be specified using plaintext or an encrypted format, at the discretion of the administrator.

Application user passwords are stored in the EcoSys database using a one-way hash function and are never decrypted. These are not related to the password encryption described here.

How to Generate Encrypted Credentials

  1. Encryption Utility Screen: To encrypt a username or a password, go to the System Utilities page in EcoSys. Type the text to encrypt in the Clear text box, and then click Encrypt.

    The software displays the corresponding cipher text output in the Result box.

  2. Cipher text data format: To use the cipher text, replace the string cipher value here with your result text: CIPHERTEXT{cipher value here}. For this example, CIPHERTEXT{cipher value here} becomes CIPHERTEXT{ bMQQAKwpe1o=}. Use this full string in place of the user name and/or password in the FMServersettings.properties file.

    • Example of an encrypted password in FMServersettings.properties:

      datasource.JDBCPass=CIPHERTEXT{OPkMIGyinr2t5K+UGZnpPg=}

    • Example of a non-encrypted password:

      datasource.JDBCPass=fmuser

      When the application reads any setting the integration credentials, it will decrypt any value identified by the CIPHERTEXT marker. If no marker exists, the application assumes that the string is an unencrypted value. 

Server Keyphrase

EcoSys generates a secret key using a default passphrase. If a given installation requires higher security via a unique encryption key, you may modify the passphrase by adding the setting server.keyphrase=passphrase in the FMServersettings.properties configuration file. You may use a passphrase of any value or length for this setting.

server.keyphrase=2Q1H14kxq96846637829iR83M

If you are using a non-default passphrase, you must add this property in each FMServersettings.properties file (application servers and batch jobs FMServersettings.properties files).