Configuring a Cryptography Key

As part of the installation process, users must configure a cryptography key using symmetric key algorithm. In codebeamer versions before the 22.10 (GINA) release, the cryptography key was configured and stored in the application configuration in cryptography[@key] format. From codebeamer 22.10, the key is stored in a file.

Symmetric key cryptography uses the same secret key both for encryption and decryption. With this encryption method, the data is converted to a format that can only be read with the secret key.

In codebeamer, cryptography key is used to encrypt and decrypt the following passwords:

• Installer system administrator password
• Remote JIRA and Doors password
• Project import with password
• RPE secret
• Mail server password
• SAML service provider keys pass phase
• LDAP server password
• Bitbucket password
• User password
• Token (CB token, RPE token)

At a new codebeamer installation, a cryptography key must be created. If the key is generated from environment variables, the key cannot be modified. In other cases, users can create their own key in the xx-xx-xx-xx-xx-xx-xx-xx hexa format, or accept a system-generated key.

The cryptography key is configured by the following precedent:

1. CB_CRYPTOGRAPHY_KEY_FILE: the key is set from environment variables by reading the contents if the referenced file. The default key file is not written.
2. CB_CRYPTOGRAPHY_KEY: the key is set from environment variables and a key file is written.
3. cryptography_key file: the key is set from the file.
4. default: the key is set to default and it is written in a file.

The cryptography key is stored in the file system, the default file path is [cb]/config/cryptography_key.

When upgrading codebeamer to 22.10 (GINA) or newer versions, the key created in the earlier codebeamer version is copied, and saved in a default file.