Enabling password encryption for BIX command-line extractions

Enable security for the database username and password by implementing a Java Cryptography Extension (JCE) keyring encryption. To do so, create a pegarules.keyring file and append the encryption information to your command-line extraction Java method.

Business Intelligence Exchange (BIX) command-line extract files store usernames and passwords within log and configuration files in plain text. Enabling password encryption for BIX command-line extractions stores usernames and passwords in an encrypted form.

For additional details on creating a keyring for other instances of database password, see article How To Encrypt Database Passwords Using a JCE Keyring file.

  1. Open the prconfig.xml file with your text and source-code editor, such as Notepad++.
  2. Below the line that contains the element <env name="database/databases/PegaDATA/password" value="a_password " />, add the following keyring prefix element to create the BIX-extract.kerying: <env name="identification/KeyringPrefix" value="BIX-extract" />
  3. Specify an encryption algorithm by adding the following identification/KeyringAlgorithm element: 
  • <env name="identification/KeyringAlgorithm" value="AES" />
    1. Specify the length of the key that you want to use to encrypt the file by adding the following identification/KeyringLength element: 
  • <env name="identification/KeyringLength" value="256" />
    1. Save and close the prconfig.xml file.
    2. Run your command-line extraction with the following changes:
      1. Add the KeyringImpl Java class: com.pega.pegarules.crpyto.KeyringImpl
      2. Add the directory and file name in which you want to generate the pegarules.keyring file.
        For example: .\config\pegarules.keyring
      3. Add the directory location of the prconfig.xml file.
        For example: .\config\prconfig.xml
      4. Add the Extract Java class and its distribution directory.
        For example: C:\imp com.pega.pegarules.data.internal.access.ExtractImpl
      For details about running a command-line extraction process, see Running a BIX command-line extraction.
      For example: Full encryption information:
      com.pega.pegarules.crpyto.KeyringImpl .\config\pegarules.keyring .\config\prconfig.xml C:\imp com.pega.pegarules.data.internal.access.ExtractImpl
      Full command-line extraction with appended encryption information:
      java –Xms512m –Xmx768m –classpath".;lib\prbootstrap-api.jar;lib\prbootstrap.jar;lib\prdbcp.jar;lib\db2jcc_v95.jar;lib\jsr94-1.0.jar;$CLASSPATH$ -Dcom.pega.pegarules.bootstrap.properties.url=config\prbootstrap.properties -Dpegarules.config=config\prconfig.xml -Dpegarules.logging.configuration=config\prlog4j2.xml -Dcom.pega.pegarules.bootstrap.ignorejndi=true com.pega.pegarules.pub.PegaRULES com.pega.pegarules.crpyto.KeyringImpl .\config\pegarules.keyring .\config\prconfig.xml C:\imp com.pega.pegarules.data.internal.access.ExtractImpl -i PegaSample!SampleBIX