Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Enabling password encryption for BIX command-line extractions in on-premises systems

Updated on April 6, 2022

Enable security for the database username and password by implementing a Java Cryptography Extension (JCE) keyring encryption. To do so, create a pegarules.keyring file and append the encryption information to your command-line extraction Java method.

Business Intelligence Exchange (BIX) command-line extract files store usernames and passwords within log and configuration files in plain text. Enabling password encryption for BIX command-line extractions stores usernames and passwords in an encrypted form.

This content only applies to on-premises systems and is not supported in Pega Cloud environments.

  1. Open the prconfig.xml file with your text and source-code editor, such as Notepad++.
  2. Below the line that contains the element <env name="database/databases/PegaDATA/password" value="a_password " />, add the following keyring prefix element to create the BIX-extract.kerying: <env name="identification/KeyringPrefix" value="BIX-extract" />
  3. Specify an encryption algorithm by adding the following identification/KeyringAlgorithm element:
  4. <env name="identification/KeyringAlgorithm" value="AES" />
  5. Specify the length of the key that you want to use to encrypt the file by adding the following identification/KeyringLength element:
  6. <env name="identification/KeyringLength" value="256" />
  7. Save and close the prconfig.xml file.
  8. Run your command-line extraction with the following changes:
    1. Add the KeyringImpl Java class: com.pega.pegarules.crpyto.KeyringImpl
    2. Add the directory and file name in which you want to generate the pegarules.keyring file.For example: .\config\pegarules.keyring
    3. Add the directory location of the prconfig.xml file.For example: .\config\prconfig.xml
    4. Add the Extract Java class and its distribution directory. For example: C:\imp
    For details about running a command-line extraction process, see Running a BIX command-line extraction in on-premises systems.
    For example: Full encryption information:
    com.pega.pegarules.crpyto.KeyringImpl .\config\pegarules.keyring .\config\prconfig.xml C:\imp
    Full command-line extraction with appended encryption information:
    java –Xms512m –Xmx768m –classpath".;lib\prbootstrap-api.jar;lib\prbootstrap.jar;lib\prdbcp.jar;lib\db2jcc_v95.jar;lib\jsr94-1.0.jar;$CLASSPATH$\ -Dpegarules.config=config\prconfig.xml -Dpegarules.logging.configuration=config\prlog4j2.xml -Dcom.pega.pegarules.bootstrap.ignorejndi=true com.pega.pegarules.crpyto.KeyringImpl .\config\pegarules.keyring .\config\prconfig.xml C:\imp -i PegaSample!SampleBIX
  • Previous topic Configuring BIX logs for command-line extractions in on-premises systems
  • Next topic Running a BIX command-line extraction in on-premises systems

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us