AESKey

The AES key to use for Knowledge Discovery data encryption. Setting this parameter or AESKeyFile turns on encryption for your DIH index queue.

NOTE: You cannot set both AESKey and AESKeyFile.

You can use this option to import a key directly from a secret source, such as an environment variable or HashiCorp Vault. See Include a Value from an Environment Variable and Import a Value from an External Source.

The key protects access to your encrypted data, so OpenText strongly recommends that you do not supply it as a plain text configuration value. Setting a plain text value returns a configuration validation error, but does not prevent the server from starting up.

CAUTION: If you lose your encryption keys after you enable encryption, you cannot recover the encrypted data.

DIH does not start if the key file that you specify is not valid.

DIH uses 256-bit AES encryption. Encryption includes any data sent with index actions that is stored in your index queue before processing. If you have turned on archiving (by using ArchiveMode), DIH transfers the encrypted data to the archive.

NOTE: When DIH processes an index action to send to its child servers, it decrypts the data before it sends. OpenText recommends that you configure TLS encryption to ensure communication between the DIH and its child components is secure.

You can turn on AES encryption in a DIH that has existing data in the index queue, but the encryption applies only to new incoming data. DIH processes the existing unencrypted data as normal and deletes it after processing, unless you use archiving.

After you enable encryption, DIH verifies your encryption key each time you restart the server. The service logs an error and does not start if the key file has changed or is missing.

NOTE: You can also enable encryption by using the -dataencryptionkey command line parameter when you start DIH. If you use this option, it overrides the AESKeyFile setting.

For more information about Content component index encryption, refer to the Knowledge Discovery Administration Guide.

Type: String
Default:  
Required: No
Configuration Section: DataEncryption
Example:
< :HASHICORPVAULT [VaultSettings] KDDataEncryptionAESKey : AESKey

This example imports the value of the KDDataEncryptionAESKey parameter in your HashiCorp Vault as the AES encryption key for data encryption.
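
Because a plain text AESKey only produces a validation error and the server still starts, a check run before deployment can catch it. The following is an added example, not part of the OpenText documentation: it flags a plain text AESKey and the AESKey/AESKeyFile conflict in the DataEncryption section. It assumes an INI-style file with Name=Value lines and recognizes only the import form shown in the example above; the function name and sample values are constructed.

```python
import re

# Constructed sample configurations, not taken from a real deployment.
# The "Name=Value" layout is an assumption; the import line is the page's example.
SAMPLE_BAD = """\
[DataEncryption]
AESKey=0123456789abcdef-constructed-plaintext-value
AESKeyFile=keys/dih.key
"""
SAMPLE_GOOD = """\
[DataEncryption]
< :HASHICORPVAULT [VaultSettings] KDDataEncryptionAESKey : AESKey
"""

SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")
ASSIGN = re.compile(r"^(?P<key>[A-Za-z0-9_]+)\s*=\s*(?P<value>.*)$")
# Import form shown on the page: "< source [Section] Name : TargetParameter"
IMPORT = re.compile(r"^<.*:\s*(?P<key>[A-Za-z0-9_]+)\s*$")


def lint_data_encryption(config_text):
    """Return a list of findings for the [DataEncryption] section (hypothetical helper)."""
    findings, seen, section = [], set(), None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name").lower()
            continue
        if section != "dataencryption":
            continue
        imp, asg = IMPORT.match(line), ASSIGN.match(line)
        if imp:
            # Value comes from an external source, so it is set but not plain text.
            seen.add(imp.group("key").lower())
        elif asg and asg.group("value").strip():
            key = asg.group("key").lower()
            seen.add(key)
            if key == "aeskey":
                # Report the line number only; never echo the key into CI logs.
                findings.append(f"line {lineno}: AESKey is a plain text value")
    if {"aeskey", "aeskeyfile"} <= seen:
        findings.append("AESKey and AESKeyFile are both set")
    return findings
```

An empty list means neither condition was found; lines the check does not recognize are ignored rather than reported.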

See Also:

AESKeyFile