Configuring MDM encryption key
Talend MDM uses a base64-encoded encryption key to encrypt all passwords in
- the mdm.conf and datasources.xml configuration files located in <MDM_ROOT>/conf, and
- the data-authoring-gateway.properties and data-authoring-proxy.properties configuration files located in <MDM_ROOT>/apache-tomcat/conf for Talend Data Authoring for MDM.
By default, the encryption key is auto-generated and saved as the value of the mdm.encryption.key property in the <MDM_ROOT>/apache-tomcat/conf/aeskey.dat file when you start your MDM server for the first time.
Talend MDM allows you to modify the encryption key by either of the following two ways:
- updating the value of the mdm.encryption.key property in the <MDM_ROOT>/apache-tomcat/conf/aeskey.dat file, or
- adding a system property encryption.keys.file to use an encryption key in another properties file.
Pay attention to the following for the MDM encryption key:
- After the MDM encryption key for a Talend MDM instance is generated or modified, the MDM encryption key must be used for all the Talend Studio clients interacting with the MDM instance.
- You can create connections to as many MDM servers as needed in Talend Studio. The MDM encryption key in Talend Studio must be the same as the key in the MDM server interacting with Talend Studio. To ensure this consistency, you can update the MDM encryption key for Talend Studio based on the MDM instance interacting with Talend Studio and restart Talend Studio.