此内容没有您所选择的语言版本。
Chapter 8. Securing passwords with a keystore
You can use a keystore to encrypt passwords that are used for communication between Business Central and Decision Server. You should encrypt both controller and Decision Server passwords. If Business Central and Decision Server are deployed to different application servers, then both application servers should use the keystore.
Use Java Cryptography Extension KeyStore (JCEKS) for your keystore because it supports symmetric keys.
If Decision Server is not configured with JCEKS, Decision Server passwords are stored in system properties in plain text form.
Prerequisites
- Decision Server is installed in IBM WebSphere Application Server.
-
A Decision Server user with the
kie-server
role has been created, as described in Section 5.1, “Creating the Decision Server group and role”. - Java 8 or higher is installed.
Procedure
- Create a JCEKS keystore.
- When prompted, enter the password for the Decision Server user that you created.
Set the system properties listed in the following table:
Table 8.1. System properties used to load a Decision Server JCEKS System property Placeholder Description kie.keystore.keyStoreURL
<KEYSTORE_URL>
URL for the JCEKS that you want to use, for example
file:///home/kie/keystores/keystore.jceks
kie.keystore.keyStorePwd
<KEYSTORE_PWD>
Password for the JCEKS
kie.keystore.key.server.alias
<KEY_SERVER_ALIAS>
Alias of the key for REST services where the password is stored
kie.keystore.key.server.pwd
<KEY_SERVER_PWD>
Password of the alias for REST services with the stored password
kie.keystore.key.ctrl.alias
<KEY_CONTROL_ALIAS>
Alias of the key for default REST Process Automation Controller where the password is stored
kie.keystore.key.ctrl.key.ctrl.pwd
<KEY_CONTROL_PWD>
Password of the alias for default REST Process Automation Controller with the stored password
- Start Decision Server to verify the configuration.