AESKey

The AES key to use for Knowledge Discovery data encryption.

Setting this parameter or AESKeyFile turns on encryption for your Content component data index.

NOTE: You cannot set both AESKey and AESKeyFile.

You can use this option to import a key directly from a secret source, such as an environment variable or HashiCorp Vault. See Include a Value from an Environment Variable and Import a Value from an External Source.

The key protects access to your encrypted data, so OpenText strongly recommends that you do not to supply it as a plain text configuration value. Setting a plain text value returns a configuration validation error, but does not prevent the server from starting up.

CAUTION: If you lose your encryption keys after you enable encryption, you cannot recover your Knowledge Discovery data.

The Content component does not start if the key file that you specify is not valid.

You can determine the encryption status of your index by using the GetStatus action.

You can turn on AES encryption in an index that has existing content, but this does not encrypt all of your data. To ensure that all your data is encrypted, OpenText recommends that you re-index your data into an empty index. For more information about enabling encryption, see Encrypt the Data Index.

After you enable encryption, Content verifies your encryption key each time you restart the server. The service logs an error and does not start if the key file has changed, or is missing.

Similarly, if you use the DREINITIAL index action with a backup path, Content checks the encryption settings in the backup directory before attempting to restore the index. If the target index has incompatible encryption settings, the DREINITIAL index action fails with a bad parameter index status.

NOTE: You can also enable encryption by using the -dataencryptionkey command line parameter when you start the Content component. If you use this option, it overrides the AESKey setting.

Type: String
Default:  
Required: No
Configuration Section: DataEncryption
Example:
< :HASHICORPVAULT [VaultSettings] KDDataEncryptionAESKey : AESKey

This example imports the value of the KDDataEncryptionAESKey parameter in your HashiCorp Vault as the AES encryption key for data encryption.

See Also:

AESKeyFile