Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The File Based Cipher Stream Provider is used to read a specified file in order to obtain a password used to generate cipher streams for reading and writing encrypted data.
The File Based Cipher Stream Provider component inherits from the Cipher Stream Provider.
The properties supported by this managed object are as follows:
Basic Properties | Advanced Properties |
---|---|
description | None |
enabled | |
password-file | |
wait-for-password-file | |

Property | description |
---|---|
Description | A description for this Cipher Stream Provider |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |

Property | enabled |
---|---|
Description | Indicates whether this Cipher Stream Provider is enabled for use in the Directory Server. |
Default Value | None |
Allowed Values | true, false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |

Property | password-file |
---|---|
Description | The path to the file containing the password to use when generating ciphers. Note that the file-based cipher stream provider caches the key in memory so that it is not necessary to read the password file each time the server needs to access the encryption settings database. Most of the time, it will only be necessary for the file to exist when the server is starting, when the cipher stream provider is being initially configured, or when running the encryption-settings tool. This allows for limiting the availability of this password file (e.g., by storing it on removable media that is inserted and mounted only when the password is needed). This can reduce the risk that the password will be exposed to an attacker who gains access to the server filesystem. |
Default Value | None |
Allowed Values | A filesystem path |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |

Property | wait-for-password-file |
---|---|
Description | Indicates whether the server should wait for the password file to become available if it does not exist. This may be useful if the password file is usually absent from the filesystem (e.g., stored on removable media that is inserted and mounted only when the password is needed) to reduce the risk of its exposure, and it is not available whenever an operation requires the password (e.g., starting the server or using the encryption-settings tool). Note that the file-based cipher stream provider caches the key in memory so that it is not necessary to read the password file each time the server needs to access the encryption settings database. Most of the time, it will only be necessary for the file to exist when the server is starting, when the cipher stream provider is being initially configured, or when running the encryption-settings tool. |
Default Value | true |
Allowed Values | true, false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |

To list the configured Cipher Stream Providers:
dsconfig list-cipher-stream-providers [--property {propertyName}] ...
To view the configuration for an existing Cipher Stream Provider:
dsconfig get-cipher-stream-provider-prop --provider-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Cipher Stream Provider:
dsconfig set-cipher-stream-provider-prop --provider-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new File Based Cipher Stream Provider:
dsconfig create-cipher-stream-provider --provider-name {name} --type file-based --set enabled:{propertyValue} --set password-file:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Cipher Stream Provider:
dsconfig delete-cipher-stream-provider --provider-name {name}
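
The password-file description notes that limiting access to the file reduces the risk of exposing the password to an attacker on the server filesystem. As an added example (not part of the product documentation), this shell check audits a candidate file before its path is set in password-file; the 0600/0400 mode requirement, the ownership requirement, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the file named by the password-file property before
# pointing a File Based Cipher Stream Provider at it.
# Assumptions (not from the product documentation): owner-only permissions
# (0600 or 0400) and ownership by the account that runs the server.

# mode_of FILE -> octal permission bits (GNU stat first, then BSD stat)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# owner_of FILE -> numeric uid of the file owner
owner_of() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# check_password_file FILE [EXPECTED_UID]
# Returns 0 when the file is acceptable, 1 otherwise; reasons go to stderr.
check_password_file() {
    f=$1
    want_uid=${2:-$(id -u)}
    rc=0
    # Test for a symlink first: -f follows links and would hide the redirect.
    if [ -L "$f" ]; then
        echo "FAIL: $f is a symbolic link" >&2; return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file" >&2; return 1
    fi
    if [ ! -s "$f" ]; then
        echo "FAIL: $f is empty" >&2; rc=1
    fi
    case $(mode_of "$f") in
        600|400) ;;
        *) echo "FAIL: $f mode is $(mode_of "$f"), expected 600 or 400" >&2; rc=1 ;;
    esac
    if [ "$(owner_of "$f")" != "$want_uid" ]; then
        echo "FAIL: $f is not owned by uid $want_uid" >&2; rc=1
    fi
    return $rc
}

# Stand-alone use: sh check-pwfile.sh /path/to/password-file
if [ -n "${1:-}" ]; then
    check_password_file "$1" && echo "OK: $1"
fi
```

Run it as the account that owns the server process, or pass that account's numeric uid as the second argument to check_password_file.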