Configuring a Cryptography Key
As part of the installation process, users must configure a cryptography key that uses a symmetric key algorithm. In codebeamer versions before the 22.10 (GINA) release, the cryptography key was configured and stored in the application configuration in the cryptography[@key] format. From codebeamer 22.10, the key is stored in a file.
Symmetric key cryptography uses the same secret key both for encryption and decryption. With this encryption method, the data is converted to a format that can only be read with the secret key.
In codebeamer, the cryptography key is used to encrypt and decrypt the following passwords:
- Installer system administrator password
- Remote JIRA and Doors password
- Project import with password
- RPE secret
- Mail server password
- SAML service provider keys pass phrase
- LDAP server password
- Bitbucket password
- User password
- Token (CB token, RPE token)
For a new codebeamer installation, a cryptography key must be created. If the key is generated from environment variables, the key cannot be modified. In other cases, users can create their own key in the xx-xx-xx-xx-xx-xx-xx-xx hexadecimal format, or accept a system-generated key.
The cryptography key is configured in the following order of precedence:
- CB_CRYPTOGRAPHY_KEY_FILE: the key is set from environment variables by reading the contents of the referenced file. The default key file is not written.
- CB_CRYPTOGRAPHY_KEY: the key is set from environment variables and a key file is written.
- cryptography_key file: the key is set from the file.
- default: the key is set to default and it is written in a file.
The cryptography key is stored in the file system. The default file path is [cb]/config/cryptography_key.
When upgrading codebeamer to 22.10 (GINA) or newer versions, the key created in the earlier codebeamer version is copied and saved in a default file.
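The precedence above can be checked before startup to confirm which source will supply the key. The following shell functions are an added example, not part of codebeamer or its documentation. The function names are hypothetical, and the code assumes that an empty variable counts as unset and that key files hold the key in the same hyphenated hexadecimal format.

```shell
#!/bin/sh
# Added example, not vendor code. Reports which documented source would supply
# the cryptography key and whether its value is well formed. The key itself is
# never printed.

# Succeeds if $1 has the documented xx-xx-xx-xx-xx-xx-xx-xx hex format.
valid_key_format() {
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){7}$'
}

# Prints the winning source for installation directory $1 ([cb] in the docs).
# Assumption: an empty environment variable is treated as unset.
key_source() {
    if [ -n "${CB_CRYPTOGRAPHY_KEY_FILE:-}" ]; then
        echo "CB_CRYPTOGRAPHY_KEY_FILE"
    elif [ -n "${CB_CRYPTOGRAPHY_KEY:-}" ]; then
        echo "CB_CRYPTOGRAPHY_KEY"
    elif [ -f "$1/config/cryptography_key" ]; then
        echo "cryptography_key file"
    else
        echo "default"
    fi
}

# Prints "<source>: ok", "<source>: malformed" or "<source>: unreadable".
# Assumption: key files hold the key in the same hyphenated hex format.
check_key() {
    src=$(key_source "$1")
    case $src in
        CB_CRYPTOGRAPHY_KEY_FILE) file=$CB_CRYPTOGRAPHY_KEY_FILE ;;
        CB_CRYPTOGRAPHY_KEY)      file= ; key=$CB_CRYPTOGRAPHY_KEY ;;
        "cryptography_key file")  file=$1/config/cryptography_key ;;
        *) echo "$src: no key configured"; return 0 ;;
    esac
    if [ -n "$file" ]; then
        [ -r "$file" ] || { echo "$src: unreadable"; return 1; }
        key=$(tr -d '\r\n' < "$file")   # tolerate a trailing newline or CRLF
    fi
    if valid_key_format "$key"; then
        echo "$src: ok"
    else
        echo "$src: malformed"; return 1
    fi
}

# Usage: check_key /path/to/codebeamer
```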
It is not recommended to change the cryptography key once it is set. If the key is changed, the authentication does not work, and every password needs to be reconfigured.