Moving Payments instance password to a different medium while keeping the same value
To change the Payments instance password location from one secure location to another, but do not want to re-encrypt the sensitive data, then change the key provider without changing the value of the instance password.
About this task
Note: Although the Payments
instance.xml
file
is not a secure location for the Payments instance password, it will be used
as an example of current location in this document.For an unattended start-up instance
To change the Payments instance password location from one secure location to another while maintaining the value of the password:
Procedure
Results
For an attended start-up instance
To change the Payments instance password location from one secure location to another while maintaining the value of the password:
- Ensure the instance is an attended start-up instance. For more information, refer to Checking the WebSphere Commerce Payments instance password requirements.
- Stop the Payments instance.
- Change the key provider implementation. If
you are using the default keys configuration file WCKeys.xml in the WC_installdir/payments/xml/config
directory (which is the default behavior when installing the fix pack with
PCI feature delivered), you need to create a custom keys configuration file
first because the default WCKeys.xml file is for IBM use only and should not
be modified by customers, to avoid being overwritten during migration to later
versions of WebSphere Commerce. For
example, if you want to move the Payments instance password from the
instance.xml
file to an external file, you can use the key provider implementation WCExternalFilePaymentsInstancePasswordImpl and configure it in the custom keys configuration file:<?xml version="1.0" encoding="UTF-8"?> <keys> <key name="PaymentsInstancePassword" providerName="WC" status="current" className="com.ibm.commerce.security.keys. WCExternalFilePaymentsInstancePasswordImpl"> <config name="keyFile" value="InstancePassword.xml"/> </key> </keys>
Note:
- The KeyFile is to be created by you with the following
contents:
The key value should be the encrypted Payments instance password that was previously stored in the Payments<?xml version="1.0" encoding="UTF-8"?> <keys> <key value="" /> <keys/>
instance.xml
file. - In the key provider configuration, the value of the KeyFile parameter can specify an absolute path or a relative path to the location of the custom keys configuration file. The relative path is recommended.
- The KeyFile is to be created by you with the following
contents:
- Clear the InstancePassword attribute in the PMInstance section of the Payments instance XML file, that is, InstancePassword= "".
- Add an attribute KeysConfigFile in the PMInstance section
of the Payments
instance.xml
file. The attribute points to the custom keys configuration file with a relative path to the Paymentsinstance.xml
directory: WC_installdir/instances/ payments_instance_name/xml For example, KeysConfigFile="config/CustomKeys.xml". - Start the Payments instance.