Encrypt sensitive data
When creating a new content source using the Manage Search portlet, some secured content sources require entered sensitive data. For example, this can be the user ID and password of the crawler user ID required for accessing the secured content source. When we later export the configuration of the search collection, we might want to protect the sensitive data. We can encrypt such sensitive data so that it is not stored as plain text on the hard drive. If we do not encrypt such data, the data is not included in the export. For example, consider the case of content sources in the form of secured portal sites or HTTP sites that require a user ID and password. This sensitive data is stored on the portal server hard drive in plain text unless we choose to encrypt it. To ensure that such sensitive data is encrypted, perform the following procedure after portal installation:
- Copy the file searchsecret.xml to a temporary directory temp . The original file is located in:
PORTAL_HOME/search/wp.search.admin/bin
- Open the copied file searchsecret.xml with an editor.
- Replace the string CHANGE TO YOUR SECRET KEY with a random string of your choice.
- Run the updated file searchsecret.xma...
./xmlaccess.sh -in searchsecret.xml -out results.xml -user wpsadmin -pwd wpsadmin -url http://local_host:local_port/wps/config
- Specify the file name using the -in option.
- Set a result file using the -out option.
- Check the result file to verify the XML request was executed successfully.
The script creates a slot called search.secret in the credential vault. Portal search uses this slot to encrypt the passwords configured for crawlers. If this slot does not exist, the password is saved as clear text on the portal server hard drive. The file xmlaccess.sh|bat is located in the directory PORTAL_HOME/bin. Example of the full command syntax for running the script searchsecret.xml:
cd PORTAL_HOME/bin/ ./xmlaccess.sh -in temp/searchsearchsecret.xml -user wpsadmin -password wpsadmin -url http://localhost:10039/wps/config
- Delete the copied file searchsecret.xml containing the encryption key.
Parent Security considerations
Related information
Work with xmlaccess.sh