File Based Cipher Stream Provider

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

The File Based Cipher Stream Provider is used to read a specified file in order to obtain a password used to generate cipher streams for reading and writing encrypted data.

Parent Component

The File Based Cipher Stream Provider component inherits from the Cipher Stream Provider.

Properties

The properties supported by this managed object are as follows:


Basic Properties:
  description
  enabled
  password-file
  wait-for-password-file

Advanced Properties:
  None

Basic Properties

description

Description
A description for this Cipher Stream Provider
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether this Cipher Stream Provider is enabled for use in the Directory Server.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

password-file

Description
The path to the file containing the password to use when generating ciphers. Note that the file-based cipher stream provider caches the key in memory so that it is not necessary to read the password file each time the server needs to access the encryption settings database. Most of the time, it will only be necessary for the file to exist when the server is starting, when the cipher stream provider is being initially configured, or when running the encryption-settings tool.
This allows for limiting the availability of this password file (e.g., by storing it on removable media that is inserted and mounted only when the password is needed). This can reduce the risk that the password will be exposed to an attacker who gains access to the server filesystem.
Default Value
None
Allowed Values
A filesystem path
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

wait-for-password-file

Description
Indicates whether the server should wait for the password file to become available if it does not exist. This may be useful if the password file is normally kept off the filesystem to reduce the risk of its exposure (e.g., stored on removable media that is inserted and mounted only when the password is needed), and so may not yet be available at the moment an operation requires the password (e.g., starting the server or using the encryption-settings tool).
Note that the file-based cipher stream provider caches the key in memory so that it is not necessary to read the password file each time the server needs to access the encryption settings database. Most of the time, it will only be necessary for the file to exist when the server is starting, when the cipher stream provider is being initially configured, or when running the encryption-settings tool.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Cipher Stream Providers:

dsconfig list-cipher-stream-providers
     [--property {propertyName}] ...

To view the configuration for an existing Cipher Stream Provider:

dsconfig get-cipher-stream-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Cipher Stream Provider:

dsconfig set-cipher-stream-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new File Based Cipher Stream Provider:

dsconfig create-cipher-stream-provider
     --provider-name {name}
     --type file-based
     --set enabled:{propertyValue}
     --set password-file:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...
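
A preflight check for the file that password-file will point to, meant to be run as the server's account before the create command above. This is an added example, not part of the product or its documentation; the function name check_password_file and the checks it applies (no symlink, owner-only permissions, directory not writable by others) are an assumed hardening baseline, not documented server requirements.

```shell
# Added example: audit the file named by the password-file property.
# check_password_file is a hypothetical helper, not a product tool.
check_password_file() {
    f=$1
    if [ -z "$f" ]; then
        echo "usage: check_password_file PATH" >&2; return 2
    fi
    # A symlink could be repointed at other content; require the real file.
    if [ -L "$f" ]; then
        echo "FAIL: $f is a symbolic link" >&2; return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file" >&2; return 1
    fi
    # An empty file cannot hold a password.
    if [ ! -s "$f" ]; then
        echo "FAIL: $f is empty" >&2; return 1
    fi
    # Run as the account that runs the server: it must own the file.
    if [ ! -O "$f" ]; then
        echo "FAIL: $f is not owned by the current user" >&2; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $f is accessible to group/other ($perms)" >&2; return 1
    fi
    # The containing directory must not let other users replace the file.
    dir=$(dirname -- "$f")
    dperms=$(ls -ld -- "$dir" | cut -c5-10)
    case "$dperms" in
        ?w????|????w?)
            echo "FAIL: $dir is writable by group/other" >&2; return 1 ;;
    esac
    echo "OK: $f"
    return 0
}
```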

To delete an existing Cipher Stream Provider:

dsconfig delete-cipher-stream-provider
     --provider-name {name}