Encryption to secure files
BMC Atrium Orchestrator uses encryption to secure files created in BMC Atrium Orchestrator Development Studio, deployed on grids, and that can contain sensitive information.
The BMC Atrium Orchestrator platform encrypts certain files when writing to the file system. The encryption process does not require interaction or maintenance. However, you can configure the encryption parameters before you start the BMC Atrium Orchestrator component for the first time, and you can disable encryption for any component at any time.
If you upgraded from an earlier release, your existing files are not encrypted until they are rewritten.
Not all files written by BMC Atrium Orchestrator are encrypted. Only files that might contain sensitive configuration data are protected, including:
- Process definition files created in BMC Atrium Orchestrator Development Studio
- Module configuration files created in BMC Atrium Orchestrator Development Studio
- Module archive files, .roar files, that are exported to and deployed on grids
- Server connection files
- Persisted global context data state
Files are encrypted when they are written to the file system and are stored using the same file name that would be used if the files were not encrypted. By default, the files are encrypted using the Advanced Encryption Standard (AES) algorithm, using a 128-bit preconfigured key.
When exporting module archive files from BMC Atrium Orchestrator Development Studio to disk, the exported module archive files, .roar files, are not encrypted. This enables these module archive files to be imported into another BMC Atrium Orchestrator Development Studio instance, which could be configured to use a different set of encryption parameters.