Document Properties
Kbid
Z30013
Last Modified
07-Jul-2023
Added to KB
12-Nov-2021
Public Access
Everyone
Status
Online
Doc Type
Guidelines
Product
ICM 7.10
Guide - 7.10.34.0 Encrypted Passwords in Managed Services

Table of Contents


Introduction

From ICM 7.10.34.0 the Managed Services Framework is able to encrypt passwords stored in the database. This guide provides information on how to migrate existing services.

Migration

Configure the desired service configuration parameter so that it can be encrypted. This can be done in the configdef folder of your service using the type Password:

/staticfiles/cartridge/configdef/<filename>.xml
<parameter name="YourService.password" type="Password" position="60">
    <labelKey>serviceparam.yourservice_password</labelKey>
    <descriptionKey>serviceparam.param.desc.yourservice_password</descriptionKey>
</parameter>

This step enables the Managed Services Framework to encrypt the related parameter when storing new values in the back office. For encryption the current default encryption algorithm is used. Be careful to keep the encryption algorithm in your encryption.properties file, otherwise it will not be possible to decrypt the parameter value again.

For your service implementation, make sure that you use the Configuration Framework to access your service parameters. Do not access the parameters by using the ServiceConfigurationPO object directly!

DBPrepare

It is also possible to encrypt passwords during the DBPrepare process using the ServiceConfigurationParameterPreparer. All parameters of type Password are encrypted and stored in the database.

resource_configuration_parameter.properties
ServiceConfiguration.1.Parameter.1.Name=YourService.password
ServiceConfiguration.1.Parameter.1.Value=yourPassword
ServiceConfiguration.1.Parameter.1.Type=Password
Disclaimer
The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.
The Intershop Knowledge Portal uses only technically necessary cookies. We do not track visitors or have visitors tracked by 3rd parties. Please find further information on privacy in the Intershop Privacy Policy and Legal Notice.
Home
Knowledge Base
Product Releases
Log on to continue
This Knowledge Base document is reserved for registered customers.
Log on with your Intershop Entra ID to continue.
Write an email to supportadmin@intershop.de if you experience login issues,
or if you want to register as customer.