Manage Encryption Keys

If your API includes encrypted data source passwords and other secret information, such as connection and listener parameters of password data type, by default, CA Live API Creator encrypts this information using the encryption key that CA Live API Creator includes. All TeamSpace users use this encryption key. You can prevent other TeamSpace users from decrypting your passwords and reinforce security by defining your own encryption key. CA Live API Creator uses the Blowfish encryption algorithm.
CA Live API Creator decrypts the data source passwords that you have included with your exported API using the previously defined encryption key. You can have CA Live API Creator re-encrypt a data source password using the latest encryption key by changing the data source password.
Define the Encryption Key for your Data Source Passwords
If you have included encrypted data source passwords with an exported API (you selected the Encrypt data source passwords option when you exported your API) in your DevOps processes, define the encryption keys in the CA Live API Creator instances that are involved in the deployment. CA Live API Creator uses these defined encryption keys to encrypt and decrypt data source passwords across environments.
For more information about how to export APIs in your DevOps processes, see Import and Export APIs.
Follow these steps:
  1. Create a random string of 16 characters using letters, numbers, and punctuation (except double quotes) for the encryption key. The length of your key depends on your Java cryptography settings.
    Generate the characters using a service, such as random.org.
  2. Decide on a short name for your encryption key.
    CA Live API Creator orders your keys alphabetically, and activates the last one. Your short names sort alphabetically after 2, or after the last key name that is already defined.
    Best Practice:
    Name your first encryption key using today's date, using the YYYYMMDD format. For example,
    EncryptionKey_20180210
    CA Live API Creator updates the key as you migrate CA Live API Creator to a newer version and as you change your key over time. You can also update your data source passwords as part of your DevOps scripts.
  3. Define your encryption key based on the Java container on which you are running CA Live API Creator:
    Apache Tomcat
    Follow these steps:
    • Create a link to a global JNDI resource by completing the following:
      • Open the tomcat/apache-tomcat-<version>/conf/context.xml file.
      • Insert the following XML code within the <Context> tag, save your changes, and then close the file:
        <ResourceLink name="EncryptionKey_20180210"
         global="EncryptionKey_20180210"
         type="java.lang.String"/>
    • Create an environment entry for the encryption key by completing the following:
      • Open the tomcat/apache-tomcat-<version>/conf/context/server.xml file.
      • Insert the following XML code within the <GlobalNamingResources> tag, save your changes, and then close the file:
        <Environment name="EncryptionKey_20180210"
         type="java.lang.String"
         value="AbC1$3D=F45_GhI7" />
        Note: You can include this environment entry in any section of the server.xml file. You can define the entry at a more granular level.
    The single-user demonstration package of CA Live API Creator that is based on Jetty (demonstration package)
    Follow these steps:
    • Open the <root CA Live API Creator installation directory>/CALiveAPICreator/etc/jetty.xml file.
    • Insert XML code similar to the following inside the <Configure> tag:
       <Configure id="Server" class="org.eclipse.jetty.server.Server">
        <!-- JNDI environment entry that holds the encryption key -->
        <New class="org.eclipse.jetty.plus.jndi.EnvEntry">
          <Arg></Arg>                                          <!-- scope (empty) -->
          <Arg>EncryptionKey_20180210</Arg>                    <!-- JNDI name: the key's short name -->
          <Arg type="java.lang.String">AbC1$3D=F45_GhI7</Arg>  <!-- the encryption key -->
          <Arg type="boolean">true</Arg>                       <!-- override web.xml entries -->
        </New>
        <!-- etc... (the rest of the existing configuration) -->
       </Configure>
  4. If you want to update a data source password that CA Live API Creator encrypts to use this encryption key, change the data source password. Complete the following steps:
    1. Open your API in API Creator.
    2. In the Create section, click Data Sources.
      The data source Connection tab appears.
    3. Click the name of the data source that you want to change from the list of data sources.
    4. Enter the password in the Password field, and then save your changes.
      For more information about the fields for data sources, see Database Connectivity.
    CA Live API Creator re-encrypts the data source password using this encryption key.
Your encryption key is defined for the data source. The next time that you export your API, CA Live API Creator encrypts the data source password using the latest encryption key.
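Steps 1 to 3 for Tomcat as an added Python example (not part of the CA Live API Creator documentation): it draws the key locally from the operating system's CSPRNG, builds the two entries with XML escaping, and checks that every ResourceLink resolves to a same-named Environment entry. The helper names are hypothetical, and plain string comparison is assumed to model how the product sorts key names.

```python
import secrets
import string
from datetime import date
from xml.etree import ElementTree as ET
from xml.sax.saxutils import quoteattr

# Letters, digits and punctuation, minus the double quote the procedure excludes.
ALPHABET = (string.ascii_letters + string.digits + string.punctuation).replace('"', "")


def generate_key(length=16):
    """Draw the key from the OS CSPRNG, locally, instead of an online service."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def key_name(existing, today=None):
    """Date-based name; rejected unless it sorts after every defined key name.
    Assumption: plain string comparison models the product's ordering."""
    name = "EncryptionKey_" + (today or date.today()).strftime("%Y%m%d")
    if any(name <= other for other in existing):
        raise ValueError(f"{name} does not sort after the existing key names")
    return name


def tomcat_entries(name, key):
    """Return the context.xml ResourceLink and the server.xml Environment entry.
    quoteattr() escapes &, < and >, which a random key may contain."""
    n, v = quoteattr(name), quoteattr(key)
    link = f'<ResourceLink name={n} global={n} type="java.lang.String"/>'
    env = f'<Environment name={n} type="java.lang.String" value={v}/>'
    return link, env


def unresolved_links(context_xml, server_xml):
    """List ResourceLink 'global' values with no same-named Environment entry."""
    defined = {e.get("name") for e in ET.fromstring(server_xml).iter("Environment")}
    links = ET.fromstring(context_xml).iter("ResourceLink")
    return [l.get("global") for l in links if l.get("global") not in defined]


if __name__ == "__main__":
    # Constructed sample: one key name already defined on this instance.
    name = key_name(["EncryptionKey_20180210"])
    link, env = tomcat_entries(name, generate_key())
    print(link, env, sep="\n")
    print(unresolved_links(f"<Context>{link}</Context>",
                           f"<Server><GlobalNamingResources>{env}"
                           "</GlobalNamingResources></Server>"))
```

The server.xml entry holds the key in clear text, so keep that file readable only by the account that runs the container.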