Securing sensitive data
This chapter provides critical guidelines and tools for protecting sensitive information within CloverDX environments. As data security becomes increasingly important, this section explores different methods and features to ensure that sensitive data is handled safely and effectively across CloverDX projects and operations. Whether you’re dealing with secure configurations, job parameters, or integrating third-party secret management services, this chapter equips you with the knowledge to safeguard your data.
The Securing configuration properties section explains how to encrypt sensitive configuration properties using the secure-cfg-tool.jar utility. This tool offers both basic and advanced usage options, allowing users to encrypt values and integrate them seamlessly into CloverDX’s configuration files. This section covers the steps for encrypting these properties, customizing encryption settings, and ensuring the encrypted data is correctly configured within the application server.
The Securing job parameters in Server section focuses on encrypting graph parameters in the CloverDX Server environment. These parameters, often used to pass sensitive data like database passwords, can be secured so that their values are encrypted and stored safely. The encryption process is initialized with a master password. This section also discusses handling secure parameters when migrating projects between servers and offers guidance on re-encrypting parameters if a master password changes. For users needing enhanced encryption capabilities, this section introduces the Bouncy Castle cryptography provider, a third-party security library that offers stronger encryption algorithms than those provided by default in Java. The section includes step-by-step instructions on how to download, install, and configure Bouncy Castle in CloverDX Server, allowing users to choose from a broader range of encryption algorithms for securing job parameters.
Lastly, the Secret Managers section dives into how CloverDX integrates with external secret management services like Azure Key Vault and AWS Secrets Manager. These services provide secure storage for sensitive information and support rotation policies for increased security. This section details how to configure CloverDX to retrieve secrets at runtime, manage access control, and handle cached secrets to ensure sensitive data is properly protected throughout the lifecycle of a job.