Encrypting an Application Profile

The application properties stored in an application profile sometimes contain some confidential information which is to be viewed by some specific set of people. This information must be handled across design time, runtime, and administration sides in a secure manner. You can encrypt one or more profiles and keep the sensitive information more secure.

Whenever you create a new application profile, by default, it is not encrypted.

Prerequisites

In the Application Properties Editor, select Encryption Settings .

The Encryption Settings dialog box is displayed.

Provide all of the following mandatory encryption settings:

  • Keystore Path
  • Keystore Type - The type is automatically selected based on your keystore file. The following keystore types are supported:
    • JKS
    • JCEKS
    • PKCS12
  • Key Alias Password
  • Key Alias
  • Keystore Password

The encryption settings persist for each application and need not be added each time when encrypting or decrypting any profile. The encryption settings are stored in the TIBCO.xml file with the private key and password values obfuscated.

Procedure

  1. Click Encrypt Profiles.
    The Encrypt Profiles dialog box is displayed.
  2. Select the profiles to encrypt. Click Ok.
    The encrypted profiles show a lock icon .
    The .substvar file of the encrypted profile contains encrypted content.
    Note: The application properties editor shows property values of the encrypted profile in the plain text format only.
  3. To decrypt the encrypted profiles, click Encrypt Profiles, and clear the check box for the profile in the Encrypt Profiles dialog box.
    The profiles are decrypted first and the lock icon is removed from the profiles.

    If you modify encryption settings, TIBCO Business Studio for BusinessWorks verifies the keystore values and throws an error for invalid values.

    To remove encryption setting, select Encryption Settings and select the Clear All button. On removing setting directly if any existing encrypted profile is present, then it is decrypted first and encryption details are removed from the TIBCO.xml file.

    For more information about encrypting an application profile using the bwdesign utility, see Using the bwdesign Utility.

    For more information about how application archives with encrypted profiles are handled at Admin side, see "Configuring Application Archives" in TIBCO ActiveMatrix BusinessWorks™ Administration.

    Important: TIBCO recommends that once you encrypt the profiles, you must keep the keystore file at the same location where it was present before encryption operation. Do not change its location. If at all you are required to change the keystore file location, first decrypt the profiles and then change the location.