Administer > System security > Randomly generated master keys

Randomly generated master keys

Service Manager (SM) uses randomly generated master keys to protect local sensitive data (for example, keystore passwords) of the SM Server, web tier, Windows Client, Mobility Client, and Service Request Catalog (SRC).

Service Manager automatically generates a master key at the first startup of each of the following components and writes it to their corresponding configuration file.

Important The data contained in these files should be considered sensitive. Be sure to take appropriate measures to protect these files by ensuring only those users with appropriate access privileges are allowed to access and view the contents of these files.

Component Master key parameter Configuration file
Server smmasterkey

Server\RUN\sm.ini

Tip The encryptionkey parameter is used for encrypting fields in the database. If it is not configured, the master key in the sm.ini file is used instead.

Web tier masterKey

<customize-folder>\config\webtier.properties or <web tier>\WEB-INF\webtier.properties

Where: <customize-folder> represents the directory defined in the customize-folder parameter.

Windows Client masterKey

%USERPROFILE%\ServiceManager\workspace\.metadata\.plugins\org.eclipse.core.runtime\.settings\com.hp.ov.sm.client.eclipse.base.prefs

Mobility Client randomRawKey <webapp>\WEB-INF\web.properties
SRC randomRawKey <SRC>\WEB-INF\classes\applicationContext.properties

Caution Once a master key is generated, do not remove it or change its value, otherwise the Service Manager Server will not start or other SM components (for example, the web tier) will not work.

You do not need to change the system-generated master keys; however, if you want the system to generate a new master key for an SM component, perform the following steps:

  1. Remove the master key parameter from the corresponding configuration file of the SM component.

  2. Reset all encrypted parameter values in the configuration file to clear text.
  3. Restart the Service Manager Server, web application server, Windows Client, Mobility application server, or SRC application server.

    A new master key is automatically generated; the parameter values are encrypted again.

Related topics

Encryption of configuration file settings

Encryption of client keystore passwords