Deprecated feature

Moving Payments instance password to a different medium while keeping the same value

If you want to change the Payments instance password location from one secure location to another, but do not want to re-encrypt the sensitive data, change the key provider without changing the value of the instance password.

About this task

Note: Although the Payments instance.xml file is not a secure location for the Payments instance password, it is used as the example of the current location in this document.

For an unattended start-up instance

To change the Payments instance password location from one secure location to another while maintaining the value of the password:

Procedure

  1. Ensure the instance is an unattended start-up instance. For more information, refer to Checking the WebSphere Commerce Payments instance password requirements.
  2. Stop the Payments instance.
  3. Change the key provider implementation. If you are using the default keys configuration file WCKeys.xml in the WC_installdir/payments/xml/config directory (the default behavior when you install the fix pack with the PCI feature delivered), first create a custom keys configuration file. The default WCKeys.xml file is for IBM use only and should not be modified by customers, so that changes are not overwritten during migration to later versions of WebSphere Commerce. For example, to move the Payments instance password from the instance.xml file to an external file, use the key provider implementation WCExternalFilePaymentsInstancePasswordImpl and configure it in the custom keys configuration file:

    <?xml version="1.0" encoding="UTF-8"?>
    <keys>
      <key name="PaymentsInstancePassword"
           providerName="WC"
           status="current"
           className="com.ibm.commerce.security.keys.WCExternalFilePaymentsInstancePasswordImpl">
        <config name="keyFile" value="InstancePassword.xml"/>
      </key>
    </keys>
    

    Note:

    • Create the KeyFile yourself with the following contents:

      <?xml version="1.0" encoding="UTF-8"?>
      <keys>
        <key value="" />
      </keys>
      
      The key value should be the encrypted Payments instance password that was previously stored in the Payments instance.xml file.
    • In the key provider configuration, the value of the KeyFile parameter can specify an absolute path or a relative path to the location of the custom keys configuration file. The relative path is recommended.
  4. Clear the InstancePassword attribute in the PMInstance section of the Payments instance XML file, that is, InstancePassword="".
  5. Add an attribute KeysConfigFile in the PMInstance section of the Payments instance.xml file. The attribute points to the custom keys configuration file with a path relative to the Payments instance.xml directory: WC_installdir/instances/payments_instance_name/xml. For example, KeysConfigFile="config/CustomKeys.xml".
  6. Open the WebSphere Application Server Administrative Console and navigate to the JVM custom properties page. Modify the value of the property wpm.pip to "null". Add a new property with the name wpm.keysConfigFile and the same value as the KeysConfigFile attribute in the Payments instance.xml file.
  7. Start the Payments instance.

Results

For an attended start-up instance

To change the Payments instance password location from one secure location to another while maintaining the value of the password:

  1. Ensure the instance is an attended start-up instance. For more information, refer to Checking the WebSphere Commerce Payments instance password requirements.
  2. Stop the Payments instance.
  3. Change the key provider implementation. If you are using the default keys configuration file WCKeys.xml in the WC_installdir/payments/xml/config directory (the default behavior when you install the fix pack with the PCI feature delivered), first create a custom keys configuration file. The default WCKeys.xml file is for IBM use only and should not be modified by customers, so that changes are not overwritten during migration to later versions of WebSphere Commerce. For example, to move the Payments instance password from the instance.xml file to an external file, use the key provider implementation WCExternalFilePaymentsInstancePasswordImpl and configure it in the custom keys configuration file:

    <?xml version="1.0" encoding="UTF-8"?>
    <keys>
      <key name="PaymentsInstancePassword"
           providerName="WC"
           status="current"
           className="com.ibm.commerce.security.keys.WCExternalFilePaymentsInstancePasswordImpl">
        <config name="keyFile" value="InstancePassword.xml"/>
      </key>
    </keys>
    

    Note:

    • Create the KeyFile yourself with the following contents:

      <?xml version="1.0" encoding="UTF-8"?>
      <keys>
        <key value="" />
      </keys>
      
      The key value should be the encrypted Payments instance password that was previously stored in the Payments instance.xml file.
    • In the key provider configuration, the value of the KeyFile parameter can specify an absolute path or a relative path to the location of the custom keys configuration file. The relative path is recommended.
  4. Clear the InstancePassword attribute in the PMInstance section of the Payments instance XML file, that is, InstancePassword="".
  5. Add an attribute KeysConfigFile in the PMInstance section of the Payments instance.xml file. The attribute points to the custom keys configuration file with a path relative to the Payments instance.xml directory: WC_installdir/instances/payments_instance_name/xml. For example, KeysConfigFile="config/CustomKeys.xml".
  6. Start the Payments instance.
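
A check to run before restarting the instance, covering steps 3 to 5 of either procedure. This is an added example, not part of the original documentation or the product. The function name `check_migration` is hypothetical, and it assumes that `PMInstance` is an XML element carrying the two attributes and that a relative `keyFile` resolves against the custom keys configuration file's directory. The file-permission test is an added hardening check, not a step from the procedure.

```python
import os
import stat
import sys
import xml.etree.ElementTree as ET

PROVIDER = "com.ibm.commerce.security.keys.WCExternalFilePaymentsInstancePasswordImpl"

def check_migration(instance_xml):
    """Return a list of problems; an empty list means steps 3-5 are consistent."""
    problems = []
    inst_dir = os.path.dirname(os.path.abspath(instance_xml))
    pm = next(ET.parse(instance_xml).getroot().iter("PMInstance"), None)
    if pm is None:
        return ["no PMInstance element in instance.xml"]
    # Step 4: the password must no longer live in instance.xml.
    if pm.get("InstancePassword", ""):
        problems.append("InstancePassword is not cleared in instance.xml")
    # Step 5: KeysConfigFile is relative to the instance.xml directory.
    keys_cfg = pm.get("KeysConfigFile")
    if not keys_cfg:
        return problems + ["KeysConfigFile attribute is missing"]
    keys_cfg = os.path.join(inst_dir, keys_cfg)
    if not os.path.isfile(keys_cfg):
        return problems + ["custom keys configuration file not found: " + keys_cfg]
    # Step 3: the provider entry and its keyFile parameter.
    key = next((k for k in ET.parse(keys_cfg).getroot().iter("key")
                if k.get("name") == "PaymentsInstancePassword"), None)
    if key is None:
        return problems + ["no PaymentsInstancePassword key entry"]
    if key.get("className") != PROVIDER:  # catches a class name split across lines
        problems.append("unexpected className: %r" % key.get("className"))
    key_file = next((c.get("value") for c in key.iter("config")
                     if c.get("name") == "keyFile"), None)
    if not key_file:
        return problems + ["keyFile config parameter is missing"]
    # Assumption: a relative keyFile resolves against the keys config directory.
    key_file = os.path.join(os.path.dirname(keys_cfg), key_file)
    try:
        stored = ET.parse(key_file).getroot().find("key")
    except (OSError, ET.ParseError) as exc:
        return problems + ["key file unreadable or malformed: %s" % exc]
    if stored is None or not stored.get("value"):
        problems.append("key file holds no encrypted password value")
    # The key file is now the only copy of the secret: no group/other access.
    if os.name == "posix" and stat.S_IMODE(os.stat(key_file).st_mode) & 0o077:
        problems.append("key file is accessible to group or other users")
    return problems

if __name__ == "__main__":
    print(check_migration(sys.argv[1]) or "OK")
```

Pass the path to the Payments instance.xml file as the only argument. The JVM custom properties from step 6 of the unattended procedure are set in the Administrative Console and are not covered by this check.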