The SkyVault-global.properties file (and other subsystem properties
file) holds configuration properties that contain sensitive information or passwords, such as
db.password. Use this information to encrypt any property using the SkyVault Encrypted Properties Management
Tool.
This tool uses the RSA/ECB/PKCS1PADDING encryption algorithm.
Note: This functionality is not
related to encrypted node
properties or cryptographic
password hashing.
Important: Boolean properties, number properties, and properties that contain
expressions cannot be encrypted.
The values for some of the properties that may contain sensitive data (see the list below) is hidden from JMX whereas other values, including non-sensitive values are shown in JMX. The administrator can set new values for the security-sensitive properties in JMX but they can't see the old value.
Here is the list of protected attributes (the value for these will be masked in the JMX console and Admin Console UI):
- SkyVault.hazelcast.password
- db.password
- mail.password
- solr.solrPassword
- cryptodoc.jce.key.passwords
- cryptodoc.jce.keystore.password
- ldap.synchronization.java.naming.security.credentials