Secure Agent data encryption


The Secure Agent encrypts sensitive data that is stored in the Secure Agent directory, preventing an attacker from copying and running the Secure Agent on another machine. You can change the key that is used to encrypt this data.
When you install a Secure Agent, some of the files in the Secure Agent directory contain sensitive data such as agent credentials, agent proxy credentials, and JDK keystore passwords. If you store connections on the Secure Agent, files on the Secure Agent machine also store the connection credentials.
To encrypt all the information stored within the Secure Agent, Informatica uses AES 256 as the encryption method. This method uses a key that is unique to the Secure Agent. The encryption key is generated using some machine-specific information and can be found in this location:
<Secure Agent installation directory>/apps/agentcore/conf
By default, the encryption key is generated using the following properties:
  • Operating system of the Secure Agent machine
  • Machine architecture, for example, 32-bit, 64-bit, or 64-bit ARM
  • Host name of the machine
  • Hardware MAC address
You can prevent some of these properties from being used to generate the encryption key. For example, if you plan to back up the agent on one machine and restore it on a different machine, you might want to exclude the host name and hardware MAC address. You can also add other properties to make the encryption even more secure. For example, if the Secure Agent is installed on Amazon Web Services, you might add the instance ID or the AMI ID.
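The trade-off described above, as an added Python illustration. It is not Informatica's code and not the Secure Agent's actual key derivation: the SHA-256 derivation, the property names, and the sample machine values are assumptions constructed for this example.

```python
import hashlib

# Hypothetical property names; the page describes the defaults only in words.
DEFAULT_PROPS = ("os", "arch", "hostname", "mac")

def derive_device_key(machine, exclude=(), additional=()):
    """Derive a 32-byte (AES-256 sized) key from selected machine properties."""
    names = [p for p in DEFAULT_PROPS if p not in exclude] + list(additional)
    if not names:
        raise ValueError("no properties left to bind the key to")
    h = hashlib.sha256()
    for name in sorted(set(names)):
        value = machine[name]  # KeyError if a selected property is missing
        # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
        for part in (name, value):
            data = part.encode("utf-8")
            h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()

# Constructed sample machines: the original host and a restore target.
ORIGINAL = {"os": "Linux", "arch": "64-bit", "hostname": "agent-a",
            "mac": "02:00:00:00:00:01", "aws_instance_id": "i-EXAMPLE-A"}
RESTORED = {"os": "Linux", "arch": "64-bit", "hostname": "agent-b",
            "mac": "02:00:00:00:00:02", "aws_instance_id": "i-EXAMPLE-B"}

def restore_would_decrypt(exclude=(), additional=()):
    """True if a key derived on ORIGINAL is reproduced on RESTORED."""
    return (derive_device_key(ORIGINAL, exclude, additional)
            == derive_device_key(RESTORED, exclude, additional))

if __name__ == "__main__":
    # Defaults bind the key to host name and MAC, so a copied agent fails.
    print("defaults:", restore_would_decrypt())
    # Excluding them lets a backup restore on similar hardware, and equally
    # lets a copied directory work on any machine with the same OS and arch.
    print("exclude hostname+mac:",
          restore_would_decrypt(exclude=("hostname", "mac")))
    # Adding an instance-specific property restores the machine binding.
    print("plus instance ID:",
          restore_would_decrypt(exclude=("hostname", "mac"),
                                additional=("aws_instance_id",)))
```

In this model, excluding the host name and MAC address leaves only the operating system and architecture in the key, which many machines share; adding an instance-specific property narrows it again.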
You can change the encryption key at any time. To do this, you use the consoleAgentManager rotateDeviceKey command.
The command performs the following actions:
  • Re-encrypts the infaagent.ini and proxy.ini files.
  • Re-encrypts the connection master key.
  • Forces the redeployment of the Secure Agent services on the next startup.
After you run the command, you must also configure the following environment variables:
| Environment variable | Description |
| --- | --- |
| INFA_AGENT_EXCLUDE_SEC_PROPS | Specifies the properties to exclude. Set the value to the same values you excluded in the rotateDeviceKey command. |
| INFA_AGENT_ADDITIONAL_SEC_PROPS | Specifies the properties to add. Set the value to the same values you added in the rotateDeviceKey command. |
