Table of Contents

Search

  1. Preface
  2. Introduction to Dynamic Data Masking Administration
  3. Authentication
  4. Security
  5. Connection Management
  6. JDBC Client Configuration
  7. ODBC Client Configuration
  8. Configuration for MicroStrategy
  9. Access Control
  10. Logs
  11. High Availability
  12. Server Control
  13. Performance Tuning
  14. Troubleshooting
  15. Appendix A: Database Keywords

Administrator Guide

Administrator Guide

Default Keystore

Default Keystore

The default keystore and security provider are preconfigured for use with any database supported by Dynamic Data Masking.
The default keystore is a JCEKS-type keystore that permits both read and write operations. If the keystore does not already exist, it is created in the following location when the Dynamic Data Masking Server starts:
<DDM>/cfg/ddm.jceks
When you configure the target database, you can select the default keystore option and then enter the database user name and password. When you save the database object, an alias is automatically generated and saved in the keystore along with the database credentials. The Dynamic Data Masking Server reads the database credentials from the keystore to create an internal connection to the database. The alias is not visible in the database form, and the Dynamic Data Masking Server never sends the credentials to the client or outside of the Dynamic Data Masking Server.
Dynamic Data Masking upgrades each database object in the following process:
  1. Sets the default keystore in the database object.
  2. Sets the automatically-generated alias in the database object.
  3. Saves the alias, user name, and password of the database object in the default keystore.
  4. Removes the user name and password from the database object.
  5. Saves the resulting database object in the Management Console tree. The database object contains the alias and default keystore, but not the user name or password.
This upgrade is performed only when the database objects were created in versions of Dynamic Data Masking prior to 9.8.3.

0 COMMENTS

We’d like to hear from you!