Encrypting configuration variables and creating a new master key file

The Design Server comes with a default master key file (MKF) that contains a cipher key. However, the administrator can create a new MKF to generate a fresh cipher key, so that the key is known only to authorized people.

Before you begin

Install the HIP Design Server and the Runtime Server.

About this task

The administrator creates a master key file to generate a new cipher key instead of continuing to use the default one.

To create a master key file for generating a new cipher key, follow the steps below:


  1. On Linux, run the setup script in the Install directory to initialize the HIP runtime environment. On Windows, the HIP runtime environment is already initialized if the administrator has kept DTXHOME in the PATH or has run the createmkf command from the installation location.
  2. On Linux, to generate a random cipher key, run createmkf.sh without a passphrase. On Windows, to generate a random cipher key, run createmkf.bat without a passphrase.
    Alternatively, to be able to reproduce the cipher key if the master key file becomes corrupt or is accidentally deleted in the future, use the -passphrase option to type a passphrase.
    Note: If the passphrase contains spaces between words, enclose the entire passphrase in double quotes. The master key file name can be any valid filename.
  3. To use the new master key file for Design Server configuration variables, keep the master key file on the host where Docker runs the Design Server.
    Note: Place the MKF in the location that the HIP_FILE_DIR environment variable is set to in the hip-server.env file, so that the Design Server can access it directly.
  4. Set the HIP_MKF_LOCATION environment variable in the hip-server.env file to the location and file name where the Design Server can find the master key file.
    For example, the administrator can define the HIP_FILE_DIR as /opt/data/hipfiles, and define the HIP_MKF_LOCATION as /opt/data/hipfiles/configvars.mkf. This way, the master key file can be accessed from the Design Server as well as the host that runs the Design Server.
  5. If the administrator has already installed the Design Server for configuration variables, re-run the install.sh script so that the Design Server calls the new master key file. If the administrator wants to reinstall the Design Server:
    • Run the stop.sh script to stop the Design Server, then run the clean.sh script to uninstall, and then run the install.sh script to reinstall. Start the Design Server for configuration variables to start using the new master key file.
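
A pre-flight check for steps 3 and 4, added here as an example (it is not part of the product or its scripts): it reads HIP_FILE_DIR and HIP_MKF_LOCATION from an env file and confirms that the MKF exists under HIP_FILE_DIR before install.sh is re-run. Assumptions: hip-server.env uses plain KEY=VALUE lines, the function names are hypothetical, and the permission check is an extra hardening step that the procedure above does not require.

```shell
#!/bin/sh
# Added example: validate the MKF settings in hip-server.env (steps 3 and 4).
# Assumption: the env file contains plain KEY=VALUE lines.

# Print the last value assigned to variable $1 in env file $2.
get_env_var() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1
}

# Return codes: 0 ok, 1 variable missing, 2 MKF outside HIP_FILE_DIR,
# 3 MKF missing or empty, 4 MKF readable or writable by "other" users.
check_mkf_config() {
    local env_file=$1 dir mkf
    dir=$(get_env_var HIP_FILE_DIR "$env_file")
    mkf=$(get_env_var HIP_MKF_LOCATION "$env_file")
    if [ -z "$dir" ] || [ -z "$mkf" ]; then
        echo "HIP_FILE_DIR or HIP_MKF_LOCATION is not set in $env_file" >&2
        return 1
    fi
    dir=${dir%/}
    # The MKF must live under HIP_FILE_DIR; also refuse ".." path segments.
    case $mkf in
        */../*)   echo "HIP_MKF_LOCATION contains '..': $mkf" >&2; return 2 ;;
        "$dir"/*) ;;
        *)        echo "$mkf is not under HIP_FILE_DIR ($dir)" >&2; return 2 ;;
    esac
    if [ ! -f "$mkf" ] || [ ! -s "$mkf" ]; then
        echo "master key file missing or empty: $mkf" >&2
        return 3
    fi
    # Hardening check added by this example (not stated in the procedure):
    # the file that holds the cipher key should not be open to "other" users.
    if [ -n "$(find "$mkf" \( -perm -004 -o -perm -002 \))" ]; then
        echo "master key file is accessible to other users: $mkf" >&2
        return 4
    fi
    echo "OK: $mkf"
}

# When run with an argument, check that env file; otherwise only define functions.
[ "$#" -eq 0 ] || check_mkf_config "$1"
```

Run it as `sh check_mkf.sh hip-server.env` (the script name is a placeholder) on the host where Docker runs the Design Server; a non-zero exit code identifies which check failed.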