Customize Cryptography

Customize Key Salt Store for Application Credentials

By default, the Key Salt combination for Digital Worker Setup is pulled from the database. This can be extended to a JSON file or a custom JS file.

Configure Key – Salt Length Validation

As per the default security configuration, key length validation permits a minimum of 32 and a maximum of 128 characters. Similarly, for the salt, the values are 16 and 32 respectively. These values can be modified as per the client requirement. Update these limits on both the API and UI sides simultaneously.

 

NOTE: 

  • Restart the pods if you update the character limits on the API side.
  • The character limits you update must be kept in sync at both the UI and API levels.

 

 

To change the values at API level:

  1. Update the config.yml section in the <env->values.yaml file and restart the pod. For information on how to restart the pods, see the Digital Worker Utility section.


Config.yml

 

To change the values at UI level:

 

  1. Invoke the searchAPI to retrieve the systemConfigId. 

  2. Invoke the update API with the generated systemConfigId.

Set JS Custom file for Key Salt Store

To pull the combination from a custom file, follow these steps.

  1. Run the kubectl edit configmap controltower-yml-configs command to update the ControlTower configmap.
  2. Uncomment the crypto section and add the following entry.
    crypto:
      customExternalVault: "custom"
  3. Create a custom customSecureKey.js file and place it at $common-volume/controltower/data/extension/customsecurekey/customSecureKey.js.

  4. Restart the ControlTower pod.

Set JSON file for Key Salt Store

To pull the combination from the file system, create a JSON file as displayed.

 

 

NOTE: 

  • Change the characters immediately after product installation and before saving any credentials to the product database.
  • This change should be done only once in the product lifecycle.
  • Once updated or customized, users cannot change it to other sources.

 

 

The file content is as displayed in the JSON file, and the file extension is .json.

  • Combination of lower case (a-z) alphabets, upper case (A-Z) alphabets, and numeric keys (0-9) are allowed for KEY and SALT.
  • Ensure that KEY and SALT consist of a minimum of 32 characters. A maximum of 128 characters is allowed.
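
The length and character rules above can be checked before a key-salt file is deployed. The following is an added example, not product code: it draws a KEY and SALT from a CSPRNG using only the allowed characters and validates a pair against the default limits from the length validation section. The function names and the generated lengths of 64 and 32 are assumptions; pass your own limits if you changed the defaults.

```javascript
const { randomBytes } = require('crypto');

// Allowed alphabet per the page: a-z, A-Z, 0-9 (62 symbols).
const ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Default limits from the length validation section. They are configurable,
// so pass the values your deployment actually uses.
const DEFAULT_LIMITS = { key: { min: 32, max: 128 }, salt: { min: 16, max: 32 } };

// Draw `length` characters from a CSPRNG. Bytes >= 248 are rejected so that
// byte % 62 is uniform (248 = 4 * 62); a plain modulo would bias the output.
function randomAlphanumeric(length) {
  let out = '';
  while (out.length < length) {
    for (const b of randomBytes(length * 2)) {
      if (b < 248 && out.length < length) out += ALPHABET[b % 62];
    }
  }
  return out;
}

// Return a list of rule violations; an empty list means the pair is acceptable.
function validateKeySalt(key, salt, limits = DEFAULT_LIMITS) {
  const problems = [];
  for (const [name, value] of [['key', key], ['salt', salt]]) {
    const { min, max } = limits[name];
    if (typeof value !== 'string') { problems.push(`${name}: not a string`); continue; }
    if (value.length < min || value.length > max) {
      problems.push(`${name}: length ${value.length} outside ${min}-${max}`);
    }
    if (!/^[A-Za-z0-9]+$/.test(value)) {
      problems.push(`${name}: characters outside a-z, A-Z, 0-9`);
    }
  }
  return problems;
}

// Generate a pair (assumed lengths: 64 and 32) and refuse to return it
// unless it passes the same validation the file content must satisfy.
function generateKeySalt(keyLength = 64, saltLength = 32) {
  const pair = { key: randomAlphanumeric(keyLength), salt: randomAlphanumeric(saltLength) };
  const problems = validateKeySalt(pair.key, pair.salt);
  if (problems.length) throw new Error(problems.join('; '));
  return pair;
}
```

Generate the pair on a trusted host and treat the resulting file like any other secret: restrict its permissions and keep it out of source control.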

To update the file:

 

  1. Run the kubectl edit configmap controltower-yml-configs command to update the ControlTower configmap.
  2. Uncomment the crypto section and add the following entry.
    crypto:
      customExternalVault: "file"
  3. Create a custom “customSecureKey.js” file, add the following key, and save it to the $common-volume/controltower/data/extension/customsecurekey/customSecureKey.js location.

  4. Restart the ControlTower pod.