Encrypting an Application Profile
The application properties stored in an application profile sometimes contain some confidential information which is to be viewed by some specific set of people. This information must be handled across design time and runtime in a secure manner. You can encrypt one or more profiles and keep the sensitive information more secure.

The Encryption Settings dialog box is displayed.
Provide all of the following mandatory encryption settings:
- Keystore Path
- Keystore Type - The type is automatically selected based on your keystore file. The following keystore types are supported:
- JKS
- JCEKS
- PKCS12
- Key Alias Password
- Key Alias
- Keystore Password
The encryption settings persist for each application and need not be added each time when encrypting or decrypting any profile. The encryption settings are stored in the TIBCO.xml file with the private key and password values obfuscated.
- Procedure
- Click Encrypt Profiles.
- Select the profiles to encrypt. Click Ok.
- To decrypt the encrypted profiles, click
Encrypt Profiles, and clear the check box for the profile in the
Encrypt Profiles dialog box.
The profiles are decrypted first and the lock icon
is removed from the profiles.
If you modify encryption settings, TIBCO Business Studio for BusinessWorks verifies the keystore values and throws an error for invalid values.
To remove encryption setting, select Encryption Settings
and select the Clear All button. On removing setting directly if any existing encrypted profile is present, then it is decrypted first and encryption details are removed from the TIBCO.xml file.
For more information about encrypting an application profile using the bwdesign utility, see Using the bwdesign Utility.
Important: TIBCO recommends that once you encrypt the profiles, you must keep the keystore file at the same location where it was present before encryption operation. Do not change its location. If at all you are required to change the keystore file location, first decrypt the profiles and then change the location.To run an application having encrypted profiles on TIBCO BusinessWorks Container Edition at runtime:
- Place the KeyStore file at /resources/addons/certs folder.
- On Docker, create a Base Docker Image. For more information see, Creating the TIBCO BusinessWorks™ Container Edition Base Docker Image.
- On Cloud Foundry, create a Buildpack. For more information see, The TIBCO BusinessWorks™ Container Edition Buildpack.
- While running the applications on Container, pass the following environment variables:
- BW_PROFILE_ENCRYPTION_KEYSTORE
- BW_PROFILE_ENCRYPTION_KEYSTORETYPE
- BW_PROFILE_ENCRYPTION_KEYSTOREPASSWORD
- BW_PROFILE_ENCRYPTION_KEYALIASPASSWORD
- BW_PROFILE_ENCRYPTION_KEYALIAS
For more information on the environment variables, see Environment Variables for TIBCO Business Studio™ for BusinessWorks™
Note: Encryption of profiles is not supported for profiles that have an externalized value.