User Tools

Site Tools


replicator_agent_edge_encryption

Replicator Agent Edge Encryption

The Replicator Agent can be configured to decrypt messages that have been published from a ServiceNow instance that is leveraging the ServiceNow Edge Encryption feature. As of release 3.26, Perspectium provides support for the Standard AES-128 and Standard AES-256 options.

In order to enable support for Edge Encrypted replicated data you must obtain configuration information that was defined in your ServiceNow Edge proxy configuration file edgeencryption.properties. The exception is the keystore password you created when you created the keystore. Once this information is available you'll use that information to populate your Replicator Agent's task configuration. The following table shows which proxy configuration directives are required and the associated replicator agent configuration directive.

Edge Proxy directive Agent directive
edgeencryption.encrypter.static.iv initialization_vector
keystore password keystore_password
edgeencryption.proxy.signature.keystore.keyalias keystore_alias
edgeencryption.proxy.signature.keystore.password alias_password

With this information available add the following configuration directives to your task definition within your agent.xml file. Example below:

<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
<config>
    <agent>
        <subscribe>
            <task>
                <task_name>example_subscribe</task_name>
                    <keystore_password>KEYSTORE_PASSWORD_GOES_HERE</keystore_password>
                    <keystore_alias>KEYSTORE_ALIAS_GOES_HERE</keystore_alias>
                    <alias_password>ALIAS_PASSWORD_GOES_HERE</alias_password>
                    <initialization_vector>INITIALIZATION_VECTOR_GOES_HERE</initialization_vector>
                .
                .
                .
                .  
            </task>
        </subscribe>
    </agent>
</config>

Additionally, you must obtain the keystore used by the ServiceNow proxy and place it within a directory called keystore within the Agent's root directory. The keystore file must be named keystore.jceks.

replicator_agent_edge_encryption.txt · Last modified: 2018/11/05 10:54 by timothy.pike