Master Key File (MKF) expansion

To allow the inclusion of sensitive data, a Master Key File (MKF) encryption expansion expression is replaced at run time and install time with its decrypted value. The MKF encryption expansion expression should be produced using one of the tools provided for this purpose, which are described below.

MKF encryption expansion expressions have the following form:
${enc_mkf: mk_id=<master key ID>, check_id=<encryption check data>, iv=<encryption initialization vector>, data=<encrypted data>}

The master key which is used for encryption determines the encryption algorithm which is used to encrypt the data.

A default MKF file is provided with a Link installation. A new MKF file can be created and used instead of the default file. See the sections on MKF files in the “Variables” documentation for information about creating a master key file.

A configuration property value can be encrypted in both Windows and Linux installations of Link. Encryption can be performed in place, which means that the value is read from the config.yaml file and replaced with an MKF encryption expansion expression. Alternatively, the value to be encrypted can be provided on the command line. The encryption tools use a JSON Pointer string to refer to the configuration property value to be encrypted.

For a Windows installation:
  1. Open an administrator shell, and change the working directory to <installation root>/DesignServer.
  2. Execute the following script, either with or without the -inplace option:
    1. encryptproperty.bat -inplace <JSON Pointer config.yaml path>
    2. encryptproperty.bat <JSON Pointer config.yaml path> <string to encrypt>

For a Linux installation:
  1. Under an appropriate user, open a shell.
  2. Execute the Link encrypt command with the appropriate arguments. For example, from the installation root directory, execute one of:
    1. ./Link encryptproperty -inplace <JSON Pointer config.yaml path>
    2. ./Link encryptproperty <JSON Pointer config.yaml path> <string to encrypt>
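
An audit helper, added here as an example (it is not part of the Link product or its tools): it walks an already-parsed config.yaml tree, checks each sensitive-looking property against the expression form shown above, and reports the JSON Pointer that the encryption tool would be given. The property names, the SENSITIVE name pattern and all sample values are assumptions made for illustration.

```python
import re
# Expression form from the page: ${enc_mkf: mk_id=..., check_id=..., iv=..., data=...}
ENC_MKF = re.compile(r"^\$\{enc_mkf:\s*(?P<body>[^}]*)\}$")
REQUIRED = {"mk_id", "check_id", "iv", "data"}
# Assumption: property names that suggest a secret; tune for your own config.
SENSITIVE = re.compile(r"pass(word|phrase)|secret|token|credential", re.I)

def parse_enc_mkf(value):
    """Return the expression's fields, or None if value is not well formed."""
    m = ENC_MKF.match(value.strip()) if isinstance(value, str) else None
    if not m:
        return None
    fields = {}
    for part in m.group("body").split(","):
        key, sep, val = part.strip().partition("=")  # split on the first '=' only
        if sep:
            fields[key.strip()] = val.strip()
    return fields if set(fields) == REQUIRED and all(fields.values()) else None

def json_pointer(path):
    """RFC 6901 pointer: escape '~' as '~0' and '/' as '~1' in each token."""
    return "".join("/" + str(p).replace("~", "~0").replace("/", "~1") for p in path)

def audit(node, path=()):
    """Yield (pointer, status) for each sensitive-looking scalar property."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from audit(v, path + (k,))
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from audit(v, path + (i,))
    elif path and SENSITIVE.search(str(path[-1])):
        if parse_enc_mkf(node):
            status = "encrypted"
        elif str(node).lstrip().startswith("${enc_mkf:"):
            status = "malformed"  # looks like an expression but fields are missing
        else:
            status = "plaintext"  # candidate for encryptproperty -inplace
        yield json_pointer(path), status

# Constructed sample standing in for a parsed config.yaml; all names are hypothetical.
SAMPLE = {
    "server": {"port": 8443, "keystore/password": "changeit"},
    "db": {"password": "${enc_mkf: mk_id=ID, check_id=CHECK, iv=IV, data=DATA}"},
    "mail": {"token": "${enc_mkf: mk_id=ID, iv=IV}"},
}
if __name__ == "__main__":
    for pointer, status in audit(SAMPLE):
        print(f"{status:9} {pointer}")
```

Properties reported as plaintext are the ones to encrypt in place; a malformed result means the expression would not match the documented form and should be regenerated with the encryption tool.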