Identity Governance enables you to create and store encryption keys that will be used for handling sensitive data.
During installation, you must provide a password that the Identity Governance service uses for encrypting and decrypting the Identity Governance sensitive data. By default, the installation program places the encryption keystore file in the following location:
Linux: /opt/netiq/idm/apps/tomcat/conf/encrypt-keys.pkcs12
Windows: c:\netiq\idm\apps\tomcat\conf\encrypt-keys.pkcs12
During installation, the installer stores the encryption keystore password file in the following locations:
Linux: /opt/netiq/idm/apps/tomcat/conf/ism-sensitive.properties
Windows: c:\opt\netiq\idm\apps\tomcat\conf\ism-sensitive.properties
The installer also installs the following scripts to help you with encryption-key-related tasks:
configutil utility, which includes support for encryption keystores
encode-password utility to obfuscate a value that is stored in the password supplier properties file
encrypt-password utility to encrypt database passwords that are stored in the server.xml
masterkey-gen utility to either generate a new encryption key keystore, or rotate a master key within an existing encryption key keystore
IMPORTANT: After installation, copy the keystore file:
For consistent use across other nodes and servers in a clustered and distributed environment.
To back up the file in case of VM or server crashes. When you back up the encryption keystore file, also back up the password file.
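As an added example, not part of the NetIQ documentation or its utilities, the following POSIX shell functions back up the keystore together with its password file (so that neither is ever backed up alone) and check that a keystore copied to another cluster node is byte-identical to the source. The paths default to the Linux locations above; the IG_KEYSTORE and IG_PWFILE variable names and the backup directory layout are assumptions, and sha256sum or shasum must be installed.

```shell
#!/bin/sh
# Added example, not part of the NetIQ documentation or its utilities: back up the
# Identity Governance encryption keystore together with its password file, and
# check that a keystore copied to another node is identical to the source.
# The defaults are the Linux locations from the documentation; override them with
# the IG_KEYSTORE and IG_PWFILE environment variables (assumed names).
IG_KEYSTORE="${IG_KEYSTORE:-/opt/netiq/idm/apps/tomcat/conf/encrypt-keys.pkcs12}"
IG_PWFILE="${IG_PWFILE:-/opt/netiq/idm/apps/tomcat/conf/ism-sensitive.properties}"

# SHA-256 digest of a file; uses sha256sum (coreutils) or shasum as a fallback.
digest() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Copy the keystore AND its password file into a new directory $1 (mode 0700,
# files 0600) and write a SHA-256 manifest next to them. Refusing to proceed when
# either file is missing prevents the half-backup the documentation warns about:
# a keystore without its password file cannot be used to recover the data.
backup_encryption_material() {
  dest="$1"
  if [ ! -f "$IG_KEYSTORE" ] || [ ! -f "$IG_PWFILE" ]; then
    echo "keystore or password file not found" >&2
    return 1
  fi
  (
    umask 077                       # nothing in the backup is group- or world-readable
    mkdir -p "$dest" && chmod 700 "$dest" || exit 1
    cp "$IG_KEYSTORE" "$IG_PWFILE" "$dest"/ || exit 1
    {
      echo "$(digest "$IG_KEYSTORE")  $(basename "$IG_KEYSTORE")"
      echo "$(digest "$IG_PWFILE")  $(basename "$IG_PWFILE")"
    } > "$dest/MANIFEST.sha256"
  )
}

# Compare a keystore copied to another node ($1) with the source keystore.
# Returns non-zero on mismatch: that node would encrypt or decrypt with different
# keys, so sensitive data written on one node would be unreadable on the other.
verify_keystore_copy() {
  [ "$(digest "$1")" = "$(digest "$IG_KEYSTORE")" ]
}

# Usage (assumed paths):
#   . ./ig-keys-backup.sh
#   backup_encryption_material /root/ig-keys-backup-2024-01-01
#   verify_keystore_copy /mnt/node2/conf/encrypt-keys.pkcs12 && echo "node2 matches"
```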