Encryption Configuration
This article describes how to configure internal encryption between ONE modules and how to encrypt specific properties.
All properties listed are provided either through the Configuration Service, in the corresponding deployment for each module, or in the <module>/etc/application.properties file.
Internal encryption
The communication between ONE modules can be encrypted so that any sensitive data exchanged between the modules is protected.
For instance, when jobs are submitted to Data Processing Module (DPM) from public clients, such as ONE Desktop, the information transmitted includes sensitive data from the runtime configuration, typically connection details and credentials for the data sources that are used in the executed plan.
This data is encrypted through a one-time key that is generated by the public client and encrypted using DPM’s public key.
To access the data, DPM uses its own private key to decrypt the one-time key, which is in turn used to decrypt the data.
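The one-time-key exchange described above, as an added example that is not Ataccama's code. The page does not name the algorithms, so RSA-OAEP for wrapping the key, AES-256-GCM for the data, the in-memory key pair standing in for DPM's keystore entry, the sample secret, and the class name are all assumptions.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;

public class OneTimeKeyDemo {
    public static void main(String[] args) throws Exception {
        // Stand-in for DPM's key pair (assumption: RSA 3072; a real module would load it from its keystore).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair dpm = kpg.generateKeyPair();

        // --- Public client: encrypt the data with a fresh one-time key, then wrap that key ---
        byte[] secret = "datasource.password=constructed-sample".getBytes(StandardCharsets.UTF_8);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey oneTime = kg.generateKey();            // never reused across submissions
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, oneTime, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(secret);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, dpm.getPublic()); // only DPM's public key is needed here
        byte[] wrappedKey = rsa.doFinal(oneTime.getEncoded());

        // --- DPM: unwrap the one-time key with the private key, then decrypt the data ---
        rsa.init(Cipher.DECRYPT_MODE, dpm.getPrivate());
        SecretKey recovered = new SecretKeySpec(rsa.doFinal(wrappedKey), "AES");
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        System.out.println(new String(aes.doFinal(ciphertext), StandardCharsets.UTF_8));

        // A payload modified in transit fails the GCM tag check instead of decrypting to garbage.
        ciphertext[0] ^= 1;
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        try {
            aes.doFinal(ciphertext);
        } catch (AEADBadTagException e) {
            System.out.println("tampered payload rejected");
        }
    }
}
```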
If the internal.encryption.* properties are configured, the sensitive data is encrypted again through the provided internal keystore.
The internal keystore can also be used to decrypt data source credentials coming from other modules, mainly Metadata Management Module (MMM). In this case, the same keystore needs to be configured for both Data Processing Engine (DPE) and MMM as the data is typically decrypted in DPE. This ensures that the sensitive data is securely transmitted from MMM for data processing.
All other communicating modules, such as MMM, must have these properties configured in the same or compatible way in order to prevent any conflicts.
In DPE, all paths used in encryption properties (internal.encryption.* and properties.encryption.*) must be absolute as they are used both by DPE and external runtime processes.
Property | Data type | Description |
---|---|---|
| | String | The full path to the keystore used for internal encryption. For example, |
| | String | The full path to a plaintext file with the keystore password. For example, |
| | String | The name of the key used for encryption from the keystore file. Not used in DPE. |
| | String | Defines the type of cipher used for encryption. Default value: Not used in DPE and MMM. |
Properties encryption
The properties keystore lets users specify their own keys to encrypt passwords before supplying them to DPM. For example, this can be used for keys that encrypt access to the data sources that users work with.
When the same keystore is configured for DPE, users can make sure that their credentials are protected until they are used to access the data for processing.
Property | Data type | Description |
---|---|---|
| | String | The full path to the keystore used for properties encryption. For example, |
| | String | The full path to a plaintext file with the keystore password. For example, |
| | String | The name of the key used for encryption from the keystore file. Not used in DPE and MMM. |