Encryption to secure files

TrueSight Orchestration uses encryption to secure files created in TrueSight Orchestration Development Studio, deployed on grids, and that can contain sensitive information.

The TrueSight Orchestration Platform encrypts certain files when writing to the file system. The encryption process does not require interaction or maintenance. However, you can configure the encryption parameters before you start the TrueSight Orchestration component for the first time, and you can disable encryption for any component at any time.

Tip

If you upgraded from an earlier release, your existing files are not encrypted until they are rewritten.

Not all files written by TrueSight Orchestration are encrypted. Only files that might contain sensitive configuration data are protected, including:

  • Process definition files created in TrueSight Orchestration Development Studio
  • Module configuration files created in TrueSight Orchestration Development Studio
  • Module archive files, .roar files, that are exported to and deployed on grids
  • Server connection files

  • Persisted global context data state

    Files are encrypted when they are written to the file system and are stored using the same file name that would be used if the files were not encrypted. By default, the files are encrypted using the Advanced Encryption Standard (AES) algorithm, using a 128-bit preconfigured key.

    Note

    When exporting module archive files from TrueSight Orchestration Development Studio to disk, the exported module archive files, .roar files, are not encrypted. This enables these module archive files to be imported into another TrueSight Orchestration Development Studio instance, which could be configured to use a different set of encryption parameters.

Related topic

Configuring-secure-transport-protocol-and-cipher-suites-for-HTTPS

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*