#Licensed to the Apache Software Foundation (ASF) under one #or more contributor license agreements. See the NOTICE file #distributed with this work for additional information #regarding copyright ownership. The ASF licenses this file #to you under the Apache License, Version 2.0 (the #"License"); you may not use this file except in compliance #with the License. You may obtain a copy of the License at #http://www.apache.org/licenses/LICENSE-2.0 #Unless required by applicable law or agreed to in writing, #software distributed under the License is distributed on an #"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY #KIND, either express or implied. See the License for the #specific language governing permissions and limitations #under the License. msgid "" msgstr "" "Project-Id-Version: 0\n" "POT-Creation-Date: 2013-02-02T20:11:56\n" "PO-Revision-Date: 2013-02-02T20:11:56\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" "Content-Type: application/x-publican; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Tag: title #, no-c-format msgid "About Password and Key Encryption" msgstr "" #. Tag: para #, no-c-format msgid "&PRODUCT; stores several sensitive passwords and secret keys that are used to provide security. These values are always automatically encrypted:" msgstr "" #. Tag: para #, no-c-format msgid "Database secret key" msgstr "" #. Tag: para #, no-c-format msgid "Database password" msgstr "" #. Tag: para #, no-c-format msgid "SSH keys" msgstr "" #. Tag: para #, no-c-format msgid "Compute node root password" msgstr "" #. Tag: para #, no-c-format msgid "VPN password" msgstr "" #. Tag: para #, no-c-format msgid "User API secret key" msgstr "" #. Tag: para #, no-c-format msgid "VNC password" msgstr "" #. Tag: para #, no-c-format msgid "&PRODUCT; uses the Java Simplified Encryption (JASYPT) library. The data values are encrypted and decrypted using a database secret key, which is stored in one of &PRODUCT;’s internal properties files along with the database password. The other encrypted values listed above, such as SSH keys, are in the &PRODUCT; internal database." msgstr "" #. Tag: para #, no-c-format msgid "Of course, the database secret key itself can not be stored in the open – it must be encrypted. How then does &PRODUCT; read it? A second secret key must be provided from an external source during Management Server startup. This key can be provided in one of two ways: loaded from a file or provided by the &PRODUCT; administrator. The &PRODUCT; database has a new configuration setting that lets it know which of these methods will be used. If the encryption type is set to \"file,\" the key must be in a file in a known location. If the encryption type is set to \"web,\" the administrator runs the utility com.cloud.utils.crypt.EncryptionSecretKeySender, which relays the key to the Management Server over a known port." msgstr "" #. Tag: para #, no-c-format msgid "The encryption type, database secret key, and Management Server secret key are set during &PRODUCT; installation. They are all parameters to the &PRODUCT; database setup script (cloud-setup-databases). The default values are file, password, and password. It is, of course, highly recommended that you change these to more secure keys." msgstr ""