CA Live API Creator: No encryption keys found, this is almost certainly BAD in production

book

Article ID: 76597

calendar_today

Updated On:

Products

CA API Gateway (Layer 7) SA94 to API SECURITY STARTER PACK-7 CA Rapid App Security MOBILE API GATEWAY CA Mobile - API Gateway CA API Gateway

Issue/Introduction

When running Live API Creator you may notice the following entries logged:

WARNING: No encryption keys found, this is almost certainly BAD in production
Make sure that the encryption key(s) is present in server.xml AND in context.xml. 

Environment

Release:
Component: APILAC

Resolution

This error is by design, it is indicating that you are not using an encryption key to encrypt and decrypt the database password and occurs for all application servers.

The below article gives you an idea of why encryption key is needed and how you can configure it. The article talk about how its done for Tomcat or Jetty package, but it should be very similar for JBOSS as well.

Refer to the Live API Creator documentation section titled 'Manage Encryption Keys' for further details on setting this up.