[PAM] Custom Connector - How does it retrieve the PAM Encryption Key

Article ID: 192603

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Tomcat uses a passphrase to decrypt the key that in turn decrypts the data it receives. Where is that passphrase referenced? Is it within the main capamef.war?

Environment

Release : 3.3

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

When capamef.war receives the encrypted payload, it retrieves the encryption key by reading and decrypting the extension.encryption.pwd value defined in the "extension_framework.properties" file, and uses that value to access the file named by extension.keystore.file to obtain the PAM "Encryption Key".

This PAM "Encryption Key" is the one generated in the PAM GUI (Configuration - Custom Connectors), so it can decrypt any data encrypted and sent by PAM.
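
A configuration check for the lookup chain described above, as an added example that is not Broadcom's code or part of the original article: it reads the two properties named in the Resolution and flags any file in the chain that is accessible beyond the owning account. It assumes a POSIX host and that a relative extension.keystore.file value resolves against the properties file's directory; the sample file names and values are constructed.

```python
import os
import re
import stat
import tempfile

REQUIRED_KEYS = ("extension.encryption.pwd", "extension.keystore.file")

def parse_properties(path):
    """Minimal Java .properties reader (key=value or key:value, #/! comments)."""
    props = {}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if line and line[0] not in "#!":
                parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
                props[parts[0]] = parts[1] if len(parts) > 1 else ""
    return props

def audit_key_chain(props_path):
    """Return findings for the properties file and the keystore it points to."""
    props = parse_properties(props_path)
    findings = [f"missing property: {k}" for k in REQUIRED_KEYS if not props.get(k)]
    files = [props_path]
    keystore = props.get("extension.keystore.file")
    if keystore:
        # Assumption: a relative path is resolved against the properties directory.
        files.append(os.path.join(os.path.dirname(props_path), keystore))
    for f in files:
        if not os.path.exists(f):
            findings.append(f"not found: {f}")
            continue
        mode = stat.S_IMODE(os.stat(f).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{f}: mode {mode:o} grants group/other access")
    return findings

def demo():
    """Build constructed sample files; all values are placeholders."""
    d = tempfile.mkdtemp()
    ks = os.path.join(d, "connector.keystore")
    props = os.path.join(d, "extension_framework.properties")
    with open(ks, "wb") as fh:
        fh.write(b"placeholder")
    with open(props, "w", encoding="utf-8") as fh:
        fh.write("# constructed sample\nextension.encryption.pwd=PLACEHOLDER\n"
                 "extension.keystore.file=connector.keystore\n")
    os.chmod(ks, 0o600)
    os.chmod(props, 0o644)  # deliberately too open, so the audit reports it
    return props, audit_key_chain(props)
```

On a real host, call `audit_key_chain()` with the actual location of extension_framework.properties under the account that runs Tomcat.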