Select System Configuration > Security.
FME Server encrypts sensitive data, including:
- The FME Server Database.
- Passwords of FME Server configuration backups.
- Secret keys for AWS S3 Resource connections.
By default, this encryption is managed using an encryption key that is common to any FME Server installation. You may wish to enhance encryption security by generating your own custom encryption keys, which you can apply on a rotating basis.
When using custom encryption keys, keep in mind the following:
- Do not lose track of any custom keys you generate. Data that is encrypted under a lost key cannot be accessed.
- When performing a Backup & Restore of an FME Server configuration, you must restore to an FME Server that uses the same custom encryption key as the backup.
Getting Started with Custom Encryption
Before generating and using custom encryption keys, you must enable custom encryption on the FME Server. Expand System Encryption, and select Encryption Mode: Restricted.
Note: You must be a member of the fmesuperuser role to enable custom encryption.
To generate and use a new custom encryption key
- Generate a custom encryption key: Click Generate Key. On the Generating Key dialog, click Generate to invalidate the previous key, and use the newly-generated one.
- Download the newly-generated key, in case you want to reuse it later: Click Download Key.
To reuse a previously-generated custom encryption key
- Click Upload Key.
- Under Choose .jceks File, click Upload File to select the key you want to use. Alternatively, drag-and-drop the key over the "Drop file to upload" area.
To stop using custom encryption
Select Encryption Mode: Secure (Default).