Adding PKI keys to an environment file
The environment file must be configured with at least one PKI key pair before you can deploy your model. A PKI key pair is a keystore that contains a public key and a private key.
Before starting this task, you must obtain the Base64-encoded PKI
keystore in the PKCS #12 format.
In your model, PKI key pairs are used for impersonation and column encryption. When used for impersonation, the public and private keys are used to sign and validate impersonation tokens. When used for column encryption, they are used to encrypt and decrypt columns in the database.
When you add a PKI key pair to an environment file, you
specify three attributes:
- keystore: The Base64-encoded PKI keystore in the PKCS #12 format.
- name: The alias of the keystore. If the PKI key pair will be used for impersonation, this must match the name of the impersonation user. If the PKI key pair will be used for column encryption, this is the name that you will reference in the cipher key.
- password: The password for the keystore. The password can be encrypted, and specified using the text:, base64:, hex:, or master: prefixes. In a production environment, the password should be master key encrypted.
PKI key pairs are typically the same throughout a deployment, so you can use the same keystore in multiple environment files. However, for security purposes, you should use different keystores in your development and testing environments than you use in your production environment.
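The following pre-deployment check is an added example, not NexJ code. It takes the three attributes as a plain dictionary (reading them out of the environment file is left out), assumes that the master: prefix marks a master key encrypted password, and checks only that the decoded keystore starts like a PKCS #12 file, not that it opens with the password. The sample values are constructed.

```python
import base64
import binascii
import hashlib


def decode_keystore(text):
    """Base64-decode a keystore value (line wraps allowed); None if invalid."""
    try:
        return base64.b64decode("".join(text.split()), validate=True)
    except (binascii.Error, ValueError):
        return None


def pfx_header_ok(der):
    """True if the bytes start like a PKCS #12 PFX: SEQUENCE { INTEGER 3, ..."""
    if len(der) < 5 or der[0] != 0x30:
        return False
    pos = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)  # skip length octets
    return der[pos:pos + 3] == b"\x02\x01\x03"


def lint_key_pair(entry, production):
    """Findings for one key pair entry (keystore, name, password); [] = clean."""
    findings = []
    der = decode_keystore(entry["keystore"])
    if der is None:
        findings.append("keystore is not valid Base64")
    elif not pfx_header_ok(der):
        findings.append("keystore does not start with a PKCS #12 header")
    if not entry["name"].strip():
        findings.append("name (alias) is empty")
    # Assumption: the master: prefix marks a master key encrypted password.
    if production and not entry["password"].startswith("master:"):
        findings.append("production password is not master key encrypted")
    return findings


def shared_keystores(non_prod, prod):
    """Names of production key pairs whose keystore also appears in dev/test."""
    def digest(e):
        return hashlib.sha256(decode_keystore(e["keystore"]) or b"").hexdigest()
    seen = {digest(e) for e in non_prod}
    return {e["name"] for e in prod if digest(e) in seen}


# Constructed stand-ins: only the first bytes mimic PKCS #12, not real keystores.
STUB_A = base64.b64encode(b"\x30\x0b\x02\x01\x03" + b"\x00" * 8).decode()
STUB_B = base64.b64encode(b"\x30\x0b\x02\x01\x03" + b"\x01" * 8).decode()
DEV = {"keystore": STUB_A, "name": "example-alias", "password": "text:changeit"}
PROD_OK = {"keystore": STUB_B, "name": "example-alias", "password": "master:PLACEHOLDER"}
PROD_BAD = {"keystore": STUB_A, "name": "example-alias", "password": "text:changeit"}
```

Here PROD_BAD fails both checks: its password is not master key encrypted, and its keystore is the same one used in DEV.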
To add PKI keys to an environment file in NexJ Studio: