Try OpenEdge Now
skip to main content
Core Business Services - Security and Auditing
Transparent Data Encryption : OpenEdge Key Store : Configuring key store access : Autostart
 
Autostart
Autostart delivers a passphrase you configure to open the key store automatically, so there is no prompting for a key store passphrase. Autostart mode does not impact scripts, but gives unfettered access to encrypted data.
Autostart can be configured when you enable your database for encryption by adding -Autostart { user | admin } to the PROUTIL ENABLEENCRYPTION command. If you do not specify -Autostart, manual start is configured. Specifying -Autostart admin is recommended only in a development environment. You can change the autostart configuration to use a different key store account with the PROUTIL EPOLICY MANAGE command at a later point in time.
To change your autostart configuration to the key store user account:
1. If you did not supply a key store user account passphrase when you enabled your database for encryption, create one now using PROUTIL EPOLICY MANAGE. You must specify the key store admin passphrase with -Passphrase if the database is not enabled for autostart with the admin account, as shown:
proenv>proutil t1demo -C epolicy manage keystore userphrase -Passphrase
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
Enter the key store passphrase for database t1demo:

This command modifies encryption access control in the Keystore file.
After successful completion of the command, the Keystore file must be
backed-up. (15518)
Enter new passphrase [required] :

Please Retype your Passphrase for Verification
Enter new passphrase [required] :

proenv>
2. Change your autostart configuration by entering the key store user account passphrase when prompted:
proenv>proutil t1demo -C epolicy manage autostart user -Passphrase
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
Enter the key store passphrase for database t1demo:

Manage autostart enable has been selected. (15523)
This command modifies encryption access control in the Keystore file. After
successful completion of the command, the Keystore file must be backed-up.
(15518)

proenv>
You can disable autostart at any time using PROUTIL EPOLICY MANAGE, as shown:
proenv>proutil t1demo -C epolicy manage autostart disable -Passphrase
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
Enter the key store passphrase for database t1demo:

Manage autostart disable has been selected. (15523)
This command modifies encryption access control in the Keystore file. After
successful completion of the command, the Keystore file must be backed-up.
(15518)
proenv>
Observe that -Passphrase is added to the command line to override the autostart user account configuration and use the admin account.