Institutions wishing to bootstrap their databases, and encrypt sensitive values afterwards will find great value in the post-load-encrypt target provided in build.xml.
The import tool provided with the distribution does not handle encryption of data. It takes the values in the XML files and inserts them literally into the database. So, if you have data which needs to be encrypted, you can either pre-encrypt it before creating the XML files (or insert using your own mechanism/tools) or use this post-load encryption process.
| Note |
|---|
|
Institutions planning on implementing a encryption algorithm different than the demonstration-grade encryption, must be implement the custom algorithm before performing the Post Data-Load Encryption.
Also, the encrypted data in the demo dataset is encrypted using the demonstration encryption service using the encryption key in the default kfs-build.properties. If you want to change the encryption style on your demo instance, you will need to develop a process to extract and re-encrypt the appropriate columns. |
Usage of the target is very straightforward:
- A
.properties file must be created, that lists all of the attributes of a given class that must be encrypted. See the example file below. - All properties to be encrypted must have
conversion="org.kuali.rice.kns.util.OjbKualiEncryptDecryptFieldConversion" as part of their <field-descriptor> in OJB. (You will be told if this is not the case.) - The path to the newly-created
.properties file must be listed in the kfs{{-build.properties}} file, for the build target to work properly. See the configuration properties page. - Using Eclipse or
ant, run the dist-local target, followed by the post-load-encrypt target.
File Structure
post-load-encrypt uses a standard .properties file to load its set of attributes to encrypt. The format followed is as such:
| Code Block |
|---|
| title | fieldsToEncrypt.properties |
|---|
|
#Proper format:
businessObjectClassName = list,of,attributes,that,need,to,be,encrypted
#Example Entry:
org.kuali.module.financial.bo.BankAccount=finDocumentBankAccountNumber
|
| Include Page |
|---|
| Include Footer |
|---|
| Include Footer |
|---|
|