+

Search Tips   |   Advanced Search

Encrypting sensitive data


When creating a new content source using the Manage Search portlet, some secured content sources require that you enter sensitive data.

For example, this can be the user ID and password of the crawler user ID required for accessing the secured content source. When you later export the configuration of the search collection, we might want to protect the sensitive data. We can encrypt such sensitive data so that it is not stored as plain text on the hard drive. If you do not encrypt such data, the data is not included in the export.

For example, consider the case of content sources in the form of secured portal sites or HTTP sites that require a user ID and password. This sensitive data is stored on the portal server hard drive in plain text unless you choose to encrypt it. To ensure that such sensitive data is encrypted, perform the following procedure after portal installation:

  1. Copy the file searchsecret.xml to a temporary directory temp .. The original file is located in...:

      PORTAL_HOME/search/wp.search.admin/bin

  2. Open the copied file searchsecret.xml with an editor. Open the copied file searchsecret.xml with an ASCII editor.

  3. Replace the string CHANGE TO YOUR SECRET KEY  with a random string of your choice.

  4. Run the updated file searchsecret.xml using xmlaccess.sh command: 

    xmlaccess.sh -in searchsecret.xml \
             -out results.xml                  
             -user wpsadmin
             -pwd wpsadmin                  
             -url http://local_host:local_port/wps/config

    1. Specify the file name using the -in option.

    2. Specify a result file using the -out option.

    3. Check the result file to verify the XML request was executed successfully.

    The script creates a slot called search.secret in the credential vault. Portal search uses this slot to encrypt the passwords configured for crawlers. If this slot does not exist, the password is saved as clear text on the portal server hard drive. The file xmlaccess.sh is located in the directory PORTAL_HOME/bin. Example of the full command syntax for running the script searchsecret.xml: 

    cd PORTAL_HOME/bin/
./xmlaccess.sh -in temp/searchsearchsecret.xml       
               -user wpsadmin 
               -password wpsadmin 
               -url http://localhost:10039/wps/config

  5. Delete the copied file searchsecret.xmcontaining the encryption key.


Parent: Security considerations
Related: Search on secured Portal Search collections and other secured content sources
Search on secured portal sites and pages and content management items
Configure web server security
Work with xmlaccess.sh
Work with xmlaccess.sh