Release: Krypton (https://docs.perspectium.com/display/krypton)



Encrypting sensitive field values is supported in the meshlet. The meshlet identifies the fields to encrypt by values surrounded with encrypt( ). When the meshlet starts, any configuration values in the application.yml meshlet configuration file that are surrounded with encrypt( ) are encrypted, and the configuration file is rewritten with the prefixes changed to encrypted( ).

(info) NOTE: THIS FEATURE IS COMING SOON

(info) NOTE: Encrypting configuration fields must be done as a separate step when the meshlet isn't running. Encrypting them while the meshlet is running will cause the encrypted fields to not be read properly.


Prerequisites  


(warning) The meshlet must be installed with the Multitenant Meshlet as a Service installation script.


Encrypting Meshlet Configuration Fields

To encrypt fields in the meshlet's configuration file, follow these steps: 


Windows

Select fields to encrypt

Open the meshlet's configuration file (application-dev.yml) in a text editor and enter encrypt() around the field values you want to be encrypted. 

For example:

```yml
proxy:
    host: proxyExample.perspectium.net
    port: 8080
    username: userExample
    password: encrypt(<password_value>)
```

Where <password_value> is the original unencrypted value. For example, encrypt(mypassword) if your password is mypassword. You do not need to enter quotes or anything around the value. 


Open up a Command Prompt

To encrypt the fields in the configuration file, open up a Command Prompt and run it as an Administrator. For example, type cmd in the Windows search window, right-click on Command Prompt and select Run as administrator.


Find the encryptConfiguration.bat script

In the Command Prompt, change your directory to the location where the encryptConfiguration.bat is stored.

For example, if the file is stored at C:\Users\username\Downloads\meshlet:

```bat
REM Relative to C:\Windows\System32, where an elevated Command Prompt starts
cd ..\..\Users\username\Downloads\meshlet
```



Run the encryption command

Execute the following command to encrypt your meshlet configuration file:

```bat
encryptConfiguration.bat "filepath/to/perspectium-meshlet.jar" "filepath/to/application-dev.yml"
```

Where filepath/to/perspectium-meshlet.jar is the location of the meshlet's jar (the executable file that runs the meshlet application) as previously installed with the Multitenant Meshlet as a Service installation script and filepath/to/application-dev.yml is the location of the meshlet's application-dev.yml.

(info) NOTE: When entering the locations of the meshlet jar and the meshlet's application-dev.yml, enclose each filepath in double quotes ("") as shown above. The quotes ensure the filepath is captured correctly when directory names contain spaces.


Using the example from the Multitenant Meshlet as a Service installation script section above where we installed the Ivanti-User meshlet with the environment_name Production, this command would be: 

```bat
encryptConfiguration.bat "C:\Perspectium-Ivanti-User-Production\perspectium-meshlet.jar" "C:\Perspectium-Ivanti-User-Production\src\main\resources\config\application-dev.yml"
```



Verify configuration fields are encrypted

Open the meshlet's configuration file (application-dev.yml) in a text editor and you will see the previous fields with encrypt() now replaced with encrypted() and the values have been encrypted:

```yml
proxy:
    host: proxyExample.perspectium.net
    port: 8080
    username: userExample
    password: encrypted(<encrypted_password_value>)
```



Run your meshlet with the encrypted configuration fields

Now you can run the meshlet with the encrypted configuration fields as specified on installing and running the meshlet.


(info) NOTE: The java command to run the meshlet will need to specify the location of the application.yml meshlet configuration file in the -Dspring.config.location property to properly run with the encrypted fields.

```bat
REM If basic auth is needed, use -Dspring.profiles.active=dev,basicauth
java -Dspring.profiles.active=dev -Dlogging.config=filepath\to\logback-spring.xml -Dspring.config.location=filepath\to\application-dev.yml -jar meshlet.jar
```

Contact Perspectium Support for more information.





Linux

Select configuration fields to encrypt

Open the meshlet's configuration file (application-dev.yml) in a text editor and enter encrypt() around the field values you want to be encrypted. 

For example:

```yml
proxy:
    host: proxyExample.perspectium.net
    port: 8080
    username: userExample
    password: encrypt(<password_value>)
```

Where <password_value> is the original unencrypted value. For example, encrypt(mypassword) if your password is mypassword. You do not need to enter quotes or anything around the value. 


Run the encryption command

To encrypt the fields in the configuration file, you can use the following command in your terminal:

```bash
sudo /etc/init.d/psp-meshlet-meshlet_service_name encrypt "filepath/to/application-dev.yml"
```

Where psp-meshlet-meshlet_service_name is the name of the service as previously installed with the Multitenant Meshlet as a Service installation script and filepath/to/application-dev.yml is the location of the meshlet's application-dev.yml.

(info) NOTE: When entering the location of the meshlet's application-dev.yml, enclose the filepath in double quotes ("") as shown above. The quotes ensure the filepath is captured correctly when directory names contain spaces.

If the meshlet was installed with the online version of the installation script, this path is generally /opt/perspectium-<MeshletName>Meshlet-<meshlet_service_name>/src/main/resources/config/application-dev.yml.


Using the example from the Multitenant Meshlet as a Service installation script section above where we installed the meshlet with the meshlet service name jira-change-prod (and as the installation mentions above, the actual meshlet service name will be prepended by psp-meshlet-, i.e., psp-meshlet-jira-change-prod), this command would be: 

```bash
sudo /etc/init.d/psp-meshlet-jira-change-prod encrypt "/opt/perspectium-JiraChangeMeshlet-jira-change-prod/src/main/resources/config/application-dev.yml"
```



Verify configuration fields are encrypted

Open the meshlet's configuration file (application-dev.yml) in a text editor and you will see the previous fields with encrypt() now replaced with encrypted() and the values have been encrypted:

```yml
proxy:
    host: proxyExample.perspectium.net
    port: 8080
    username: userExample
    password: encrypted(<encrypted_password_value>)
```



Run your meshlet with the encrypted configuration fields

Now you can run the meshlet with the encrypted configuration fields as specified on installing and running the meshlet.


(info) NOTE: The java command to run the meshlet will need to specify the location of the application.yml meshlet configuration file in the -Dspring.config.location property to properly run with the encrypted fields.

```bash
# If basic auth is needed, use -Dspring.profiles.active=dev,basicauth
java -Dspring.profiles.active=dev -Dlogging.config=filepath/to/logback-spring.xml -Dspring.config.location=filepath/to/application-dev.yml -jar meshlet.jar
```

Contact Perspectium Support for more information.
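
The "Verify configuration fields are encrypted" step of both the Windows and Linux procedures can be automated; the following is an added example, not Perspectium's code. It reports fields still marked encrypt( ) and secret-looking keys left unwrapped, by key path and line number only, and handles simple nested mappings; the sample file, its api section and the sensitive-key name pattern are assumptions made for illustration.

```python
import re
import sys
# Constructed sample: one pending field, one encrypted, one never wrapped.
SAMPLE = """\
proxy:
    host: proxyExample.perspectium.net
    port: 8080
    username: userExample
    password: encrypt(mypassword)
api:
    token: encrypted(CONSTRUCTED_CIPHERTEXT)
    secret: "hunter2"
"""

LINE = re.compile(r"^(\s*)([\w.-]+):\s*(.*)$")
# Assumption: key names that usually hold secrets; adjust to your meshlet's fields.
SENSITIVE = re.compile(r"pass(word)?|secret|token|key", re.I)

def audit(text):
    """Return (line_no, dotted_key, status) per finding; values are never returned."""
    findings, stack = [], []  # stack holds (indent, key) of the open parent mappings
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)   # comment lines do not match
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = ".".join([k for _, k in stack] + [key])
        if not value:         # mapping header such as "proxy:"
            stack.append((indent, key))
        elif value.startswith("encrypted("):
            findings.append((no, path, "encrypted"))
        elif value.startswith("encrypt("):
            findings.append((no, path, "pending"))      # encryption step not run yet
        elif SENSITIVE.search(key):
            findings.append((no, path, "plaintext"))    # secret-looking key, unwrapped
    return findings

def needs_attention(findings):
    return [f for f in findings if f[2] != "encrypted"]

if __name__ == "__main__":
    cfg = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(cfg, encoding="utf-8").read() if cfg else SAMPLE
    results = audit(text)
    for no, key, status in results:
        print(f"line {no}: {key}: {status}")
    sys.exit(1 if cfg and needs_attention(results) else 0)
```

Pass the path to application-dev.yml as the first argument; a non-zero exit code means at least one field is still pending or in plaintext.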