# # AUTHOR , YEAR. # msgid "" msgstr "" "Project-Id-Version: 0\n" "POT-Creation-Date: 2013-02-02T20:11:56\n" "PO-Revision-Date: 2013-02-02T20:11:56\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" "Content-Type: application/x-publican; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Tag: title #, no-c-format msgid "About Password and Key Encryption" msgstr "" #. Tag: para #, no-c-format msgid "&PRODUCT; stores several sensitive passwords and secret keys that are used to provide security. These values are always automatically encrypted:" msgstr "" #. Tag: para #, no-c-format msgid "Database secret key" msgstr "" #. Tag: para #, no-c-format msgid "Database password" msgstr "" #. Tag: para #, no-c-format msgid "SSH keys" msgstr "" #. Tag: para #, no-c-format msgid "Compute node root password" msgstr "" #. Tag: para #, no-c-format msgid "VPN password" msgstr "" #. Tag: para #, no-c-format msgid "User API secret key" msgstr "" #. Tag: para #, no-c-format msgid "VNC password" msgstr "" #. Tag: para #, no-c-format msgid "&PRODUCT; uses the Java Simplified Encryption (JASYPT) library. The data values are encrypted and decrypted using a database secret key, which is stored in one of &PRODUCT;’s internal properties files along with the database password. The other encrypted values listed above, such as SSH keys, are in the &PRODUCT; internal database." msgstr "" #. Tag: para #, no-c-format msgid "Of course, the database secret key itself can not be stored in the open – it must be encrypted. How then does &PRODUCT; read it? A second secret key must be provided from an external source during Management Server startup. This key can be provided in one of two ways: loaded from a file or provided by the &PRODUCT; administrator. The &PRODUCT; database has a new configuration setting that lets it know which of these methods will be used. If the encryption type is set to \"file,\" the key must be in a file in a known location. If the encryption type is set to \"web,\" the administrator runs the utility com.cloud.utils.crypt.EncryptionSecretKeySender, which relays the key to the Management Server over a known port." msgstr "" #. Tag: para #, no-c-format msgid "The encryption type, database secret key, and Management Server secret key are set during &PRODUCT; installation. They are all parameters to the &PRODUCT; database setup script (cloud-setup-databases). The default values are file, password, and password. It is, of course, highly recommended that you change these to more secure keys." msgstr ""