Encrypting an Application Profile

The application properties stored in an application profile sometimes contain confidential information that only a specific set of people should view. This information must be handled securely at both design time and run time. You can encrypt one or more profiles to keep the sensitive information more secure.

Whenever you create a new application profile, by default, it is not encrypted.

Prerequisites

In the Application Properties Editor, select Encryption Settings.

The Encryption Settings dialog box is displayed.

Provide all of the following mandatory encryption settings:

  • Keystore Path
  • Keystore Type - The type is automatically selected based on your keystore file. The following keystore types are supported:
    • JKS
    • JCEKS
    • PKCS12
  • Key Alias Password
  • Key Alias
  • Keystore Password

The encryption settings persist for each application, so you do not need to enter them again each time you encrypt or decrypt a profile. The encryption settings are stored in the TIBCO.xml file with the private key and password values obfuscated.

Procedure

  1. Click Encrypt Profiles.
    The Encrypt Profiles dialog box is displayed.
  2. Select the profiles to encrypt. Click Ok.
    The encrypted profiles show a lock icon.
    The .substvar file of the encrypted profile contains encrypted content.
    Note: The application properties editor shows property values of the encrypted profile in the plain text format only.
  3. To decrypt the encrypted profiles, click Encrypt Profiles, and clear the check box for the profile in the Encrypt Profiles dialog box.
    The profiles are decrypted first and the lock icon is removed from the profiles.

    If you modify encryption settings, TIBCO Business Studio for BusinessWorks verifies the keystore values and throws an error for invalid values.

    To remove the encryption settings, select Encryption Settings and click the Clear All button. If any encrypted profile exists when the settings are removed, it is decrypted first and the encryption details are then removed from the TIBCO.xml file.

    For more information about encrypting an application profile using the bwdesign utility, see Using the bwdesign Utility.

    Important: TIBCO recommends that, after you encrypt the profiles, you keep the keystore file at the same location where it was before the encryption operation. Do not change its location. If you must change the keystore file location, first decrypt the profiles and then change the location.
    To run an application having encrypted profiles on TIBCO BusinessWorks Container Edition at runtime:
    1. Place the keystore file in the /resources/addons/certs folder.
    2. On Docker, create a Base Docker Image. For more information, see Creating the TIBCO BusinessWorks™ Container Edition Base Docker Image.
    3. On Cloud Foundry, create a Buildpack. For more information, see The TIBCO BusinessWorks™ Container Edition Buildpack.
    4. When running the applications in a container, pass the following environment variables:
      • BW_PROFILE_ENCRYPTION_KEYSTORE
      • BW_PROFILE_ENCRYPTION_KEYSTORETYPE
      • BW_PROFILE_ENCRYPTION_KEYSTOREPASSWORD
      • BW_PROFILE_ENCRYPTION_KEYALIASPASSWORD
      • BW_PROFILE_ENCRYPTION_KEYALIAS

    For more information on the environment variables, see Environment Variables for TIBCO Business Studio™ for BusinessWorks™
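
A pre-flight check for the runtime steps above, as an added example that is not TIBCO code: it confirms that all five variables are set, that the keystore type is one the page lists, and that the keystore file is in place before the container is started. The function name, the certs folder argument, the use of the keystore variable's base name to locate the file, and the write-permission rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not TIBCO code. Assumption: the base name of
# BW_PROFILE_ENCRYPTION_KEYSTORE identifies the keystore file placed in the
# certs folder; the permission rule in step 4 is an added hygiene check.

check_bw_profile_encryption() {
    certs_dir=$1    # local copy of the resources/addons/certs folder
    rc=0

    # 1. All five variables must be set and non-empty.
    for name in BW_PROFILE_ENCRYPTION_KEYSTORE \
                BW_PROFILE_ENCRYPTION_KEYSTORETYPE \
                BW_PROFILE_ENCRYPTION_KEYSTOREPASSWORD \
                BW_PROFILE_ENCRYPTION_KEYALIASPASSWORD \
                BW_PROFILE_ENCRYPTION_KEYALIAS; do
        eval "value=\${$name:-}"    # names are the fixed literals above
        if [ -z "$value" ]; then
            echo "missing: $name" >&2    # report the name, never a value
            rc=1
        fi
    done

    # 2. Only the keystore types the page lists are accepted.
    case "${BW_PROFILE_ENCRYPTION_KEYSTORETYPE:-}" in
        JKS|JCEKS|PKCS12) ;;
        *) echo "keystore type must be JKS, JCEKS or PKCS12" >&2; rc=1 ;;
    esac

    # 3. The keystore must exist as a non-empty regular file.
    ks_name=${BW_PROFILE_ENCRYPTION_KEYSTORE:-}
    ks_file="$certs_dir/${ks_name##*/}"
    if [ ! -f "$ks_file" ] || [ ! -s "$ks_file" ]; then
        echo "keystore not found or empty: $ks_file" >&2
        rc=1
    # 4. It holds the private key, so group/other must not be able to write it.
    elif [ -n "$(find "$ks_file" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "keystore is writable by group or others: $ks_file" >&2
        rc=1
    fi

    return "$rc"
}
```

Call it as `check_bw_profile_encryption <certs folder>` in the shell that holds the values you are about to pass to the container; a non-zero return means at least one check failed, and the messages name the variable or file at fault without printing a password.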

    Note: Encryption of profiles is not supported for profiles that have an externalized value.