Password masking
This feature helps secure passwords throughout Transact by encrypting them upon persistence in the database and masking them in the user interface. You can enable this feature in the dcma-encryption.properties file.
Password masking is provided in the following areas:
- Plugins
-
The following plugins have password fields marked with PASSWORD field types and are encrypted and masked:
-
CMIS_EXPORT
-
DB_EXPORT
-
FUZZYDB
-
- Email import
-
The password field for all email accounts that Transact uses for batch ingestion is encrypted and masked.
- CMIS import
-
CMIS repositories that are configured for importing documents are encrypted and masked.
Configure password masking
The dcma-encryption.properties file contains all of the properties that Transact uses for encryption. The dcma-encryption.properties file is located in the META-INF\dcma-encryption folder. During Transact server start-up, all existing password fields are encrypted and the dcma-encryption.properties file is updated.
To enable encryption, set the password.encrypt property to true. Transact will then run an encryption algorithm to encrypt passwords in the plugins mentioned above, email import, and CMIS import.
After Transact applies encryption, the encrypted values are appended with the password.encrypt_suffix property value and are persisted in the database. It is not necessary to configure the dcma-encryption.properties file on each server start-up. After encryption, the value of password.encrypt will be updated to false.
After the encryption of values, if the user alters value of any such field, its value will be encrypted before persisting it in the database.