System Encryption
Select System Configuration > Security.
FME Server, by default, encrypts sensitive data, including:
- Contents of the FME Server Database.
- Passwords of FME Server configuration backups.
- Secret keys for AWS S3 Resource connections.
This encryption is managed using an encryption key that is common to any FME Server installation. You may wish to enhance encryption security by generating your own custom encryption keys, which you can apply on a rotating basis.
When using custom encryption keys, keep in mind the following:
- Do not lose track of any custom keys you generate. Data that is encrypted under a lost key cannot be accessed.
- When performing a Backup & Restore of an FME Server configuration, you must restore to an FME Server that uses the same custom encryption key as the backup.
- Any change to system encryption, including generating a new custom encryption key, or reverting to default encryption, also affects the FME Server Database password, if already manually encrypted. To ensure this password is based on the current key, you must manually encrypt it again following any changes performed here. For more information, see Encrypting the FME Server Database Password.
Getting Started with Custom Encryption
Before generating and using custom encryption keys, you must enable custom encryption on the FME Server. Expand System Encryption, and select Encryption Mode: Restricted.
To generate and use a new custom encryption key
- Generate a custom encryption key: Click Generate Key. On the Generating Key dialog, click Generate to invalidate the previous key, and use the newly-generated one.
- Download the newly-generated key, in case you want to reuse it later: Click Download Key.
To reuse a previously-generated custom encryption key
- Click Upload Key.
- Under Choose .jceks File, click Upload File to select the key you want to use. Alternatively, drag-and-drop the key over the "Drop file to upload" area.
To stop using custom encryption
Select Encryption Mode: Secure (Default).