The DataSync Agent can be configured to decrypt messages that have been published from a ServiceNow instance that is leveraging the ServiceNow Edge Encryption feature. Perspectium provides support for the Standard AES-128 and Standard AES-256 options.
Prerequisites
First, you will need to set up one of the Perspectium DataSync Agents.
You should stop running your DataSync Agent before making any Agent configuration changes.
In order to enable support for Edge Encrypted replicated data you must obtain configuration information that was defined in your ServiceNow Edge proxy configuration file edgeencryption.properties. The exception is the keystore password you created when you created the keystore. Once this information is available you'll use that information to populate your DataSync Agent's task configuration. The following table shows which proxy configuration directives are required and the associated replicator agent configuration directive.
| Edge Proxy directive | Agent directive |
|---|---|
| edgeencryption.encrypter.static.iv | initialization_vector |
| keystore password | keystore_password |
| edgeencryption.proxy.signature.keystore.keyalias | keystore_alias |
| edgeencryption.proxy.signature.keystore.password | alias_password |
With this information available add the following configuration directives to your task definition within your agent.xml file:
<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
<config>
<agent>
<subscribe>
<task>
<task_name>example_subscribe</task_name>
<keystore_password>KEYSTORE_PASSWORD_GOES_HERE</keystore_password>
<keystore_alias>KEYSTORE_ALIAS_GOES_HERE</keystore_alias>
<alias_password>ALIAS_PASSWORD_GOES_HERE</alias_password>
<initialization_vector>INITIALIZATION_VECTOR_GOES_HERE</initialization_vector>
.
.
.
.
</task>
</subscribe>
</agent>
</config>
Additionally, you must obtain the keystore used by the ServiceNow proxy and place it within a directory called keystore within the Agent's root directory. The keystore file must be named keystore.jceks.
