Sensitive data encryption/decryption using XPSExport
Article ID: 200719

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER

Issue/Introduction

We're running the command XPSExport and we'd like to know how to
encrypt and decrypt the sensitive data, such as the DB password and super user
password, when exporting the full Policy Store data. How can we do that?

Environment

Policy Server 12.8 SP3 on Red Hat 7.

Resolution

According to the documentation, running XPSExport with the "-pass" option
encrypts the sensitive data (such as the DB password and the super user
password) in the export file with the passphrase you supply. Note that a
passphrase given on the command line is visible in the process list and in
the shell history on the Policy Server host; when "-pass" is omitted,
XPSExport prompts for the passphrase at the point where sensitive data is
exported, which is the safer choice for an interactive run.

XPSExport

  -pass <passphrase> (Optional) Specifies the passphrase that is
   required for encryption of sensitive data. This passphrase must be at
   least eight characters long and must contain at least one digit, one
   uppercase, and one lowercase character. The passphrase can contain a
   space that is enclosed in quotes. If not specified as a command-line
   option, the export process prompts for a passphrase when sensitive
   data is being exported.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/administrating/policy-server-tools/xpsexport.html

Once the data has been exported, the only way to read the sensitive data
back is to import it with XPSImport using the same passphrase. Keep the
passphrase in a separate, access-controlled location from the export file:
if the passphrase is lost, the encrypted values cannot be recovered from
the export, and only the sensitive values are encrypted, so the rest of the
policy store data in the file is readable and the file itself must be
protected accordingly:

XPSImport

  -pass passphrase
  (Optional) Specifies the passphrase that is required for decryption
  of sensitive data. The phrase must be the same as the phrase
  specified during export, or the decryption fails.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/administrating/policy-server-tools/xpsimport.html
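As an added example (not code from the Broadcom article or from the SiteMinder tools), the following POSIX shell wrapper checks a passphrase against the documented rule (eight characters minimum, at least one digit, one upper-case and one lower-case character) before XPSExport or XPSImport is run, reads the passphrase from a file instead of the wrapper's own command line, and restricts the export file afterwards. Everything beyond the documented "-pass" option is an assumption: the passphrase file location $XPS_PASS_FILE (default ~/.xps_pass), that the first XPSExport argument is the output file, and that both tools are on PATH.

```shell
#!/bin/sh
# Added example, not code from the Broadcom article or the SiteMinder product.
# Wraps XPSExport/XPSImport so the passphrase is validated against the documented
# policy before the tools run and is never typed on the wrapper's command line.

# Documented passphrase rule: at least eight characters with at least one digit,
# one upper-case and one lower-case character. Local re-statement of that rule,
# not a call into the SiteMinder tools. Returns 0 if the passphrase qualifies.
xps_passphrase_ok() {
    p=$1
    [ "${#p}" -ge 8 ] || return 1
    case $p in *[[:digit:]]*) ;; *) return 1 ;; esac
    case $p in *[[:upper:]]*) ;; *) return 1 ;; esac
    case $p in *[[:lower:]]*) ;; *) return 1 ;; esac
    return 0
}

# Reads the passphrase from a file readable only by the account that runs the
# Policy Server tools. Assumption: $XPS_PASS_FILE, defaulting to ~/.xps_pass,
# in mode 0600 or 0400. Prints the passphrase on stdout without a newline.
xps_read_passphrase() {
    f=${XPS_PASS_FILE:-$HOME/.xps_pass}
    [ -f "$f" ] || { echo "passphrase file $f not found" >&2; return 1; }
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    case $mode in
        600|400) ;;
        *) echo "$f must be mode 0600 or 0400 (is $mode)" >&2; return 1 ;;
    esac
    IFS= read -r pass < "$f" || [ -n "$pass" ]   # tolerate a missing final newline
    xps_passphrase_ok "$pass" ||
        { echo "passphrase in $f does not meet the XPSExport policy" >&2; return 1; }
    printf '%s' "$pass"
}

# Full export with encrypted sensitive data. Every argument is passed through
# to XPSExport unchanged; only -pass is appended. Assumption: the first argument
# is the output file, which is restricted to the owner afterwards because it
# still contains the complete policy store.
xps_export_encrypted() {
    out=$1
    pass=$(xps_read_passphrase) || return 1
    XPSExport "$@" -pass "$pass" || return 1
    chmod 600 "$out"
}

# Import with the same passphrase; with a different one XPSImport's decryption fails.
xps_import_encrypted() {
    pass=$(xps_read_passphrase) || return 1
    XPSImport "$@" -pass "$pass"
}
```

The wrapper is meant for unattended runs such as scheduled backups, where a prompt is not possible. Even here the "-pass" value is visible in the process list for as long as XPSExport or XPSImport runs, so on a shared host an interactive run should omit "-pass" and answer the tool's prompt instead.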